Linux Distros Unpatched Vulnerability : CVE-2022-37704

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as roo...

DEBIAN-CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

USN-5966-2 amanda regression

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information...

USN-5966-1 amanda vulnerabilities

Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. CVE-2022-37703 Maher Azzouzi discovered a privilege...

OESA-2023-1149 amanda security update

AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools such as GNUtar, dump for backup and ca...

SUSE CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

Amanda 命令注入漏洞

Amanda is an automated network disk archiver organized by the University of Maryland at College Park. It allows IT administrators to set up a single primary backup server to back up multiple hosts to tape drives/converters or disk or optical media over a network. Amanda has a security vulnerabili...

PT-2023-13547 · Amanda +2 · Amanda +2

Name of the Vulnerable Software and Affected Versions: Amanda version 3.5.1 Description: The issue allows privilege escalation from a regular user backup to root. A SUID binary located at /lib/amanda/rundump executes /usr/sbin/dump as root with controlled arguments from the attacker, which may le...

UBUNTU-CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

CVE-2022-37704

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure...

Exploit for Command Injection in Zmanda Amanda

Suggested description Amanda 3.5.1 has a flaw that allows...