211 matches found
Code injection
AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...
UBUNTU-CVE-2023-30577
AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...
Amanda 参数注入漏洞
Amanda is an automated network disk archiver organized by the University of Maryland at College Park. Allows IT administrators to set up a single primary backup server to back up multiple hosts to tape drives/converters or disks or optical media over a network. A security vulnerability exists in...
CVE-2023-30577
AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...
CVE-2023-30577
AMANDA (backup system) is affected by CVE-2023-30577: the SUID binary runtar mishandles arguments, allowing certain GNU tar options (e.g., starting with --exclude) to be accepted and potentially cause root-level execution. This is a local privilege-escalation path tied to runtar’s argument handli...
CVE-2023-30577
AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...
CVE-2023-30577
AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...
PT-2023-8692 · Amanda +2 · Amanda +2
Name of the Vulnerable Software and Affected Versions: AMANDA versions prior to 3.5.4 Description: The issue is related to the mishandling of argument checking for runtar.c in the AMANDA software, which can be exploited to elevate privileges. This is a different issue than previously reported...
CVE-2023-30577
AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...
CVE-2023-30577
AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...
CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...
DEBIAN-CVE-2022-37705
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...
CVE-2022-37705
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...
DEBIAN-CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...
Information disclosure
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...
Privilege escalation
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...
CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...
CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...
CVE-2022-37704
Summary of CVE-2022-37704 : Amanda 3.5.1 contains a privilege escalation in the SUID binary /lib/amanda/rundump, which can cause root execution of /usr/sbin/dump with attacker-controlled arguments. This can enable local privilege escalation, and may also lead to denial of service and information ...
CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...