EUVD-2023-34958

Malicious code in bioql PyPI...

EUVD-2022-40319

Malicious code in bioql PyPI...

EulerOS 2.0 SP8 : amanda (EulerOS-SA-2023-3112)

According to the versions of the amanda packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different...

Debian dla-3681 : amanda-client - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3681 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3681-1 [email protected]...

CLSA-2023-1693417888 Update of amanda

Fix bug that leads to amdump and runtar problem due to options recognized as invalid falsely...

CLSA-2023-1693416068 Update of amanda

Fix bug that leads to amdump and runtar problem due to options recognized as invalid falsely...

Update of amanda

Fix bug that leads to amdump and runtar problem due to options recognized as invalid falsely...

Medium: amanda

Issue Overview: An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injecti...

CLSA-2023-1692296244 Fix CVE(s): CVE-2023-30577

SECURITY UPDATE: privilege escalation through runtar SUID program - debian/patches/CVE-2023-30577.patch: introduce tar option allow list Fix changelog installation - CVE-2023-30577...

CLSA-2023-1692295986 Fix CVE(s): CVE-2023-30577, CVE-2022-37705

SECURITY UPDATE: privilege escalation through runtar SUID program - debian/patches/CVE-2022-37705.patch: filter tar options - CVE-2022-37705 SECURITY UPDATE: privilege escalation through runtar SUID program - debian/patches/CVE-2023-30577.patch: introduce tar option allow list - CVE-2023-30577...

OPENSUSE-SU-2023:0205-1 Security update for amanda

This update for amanda fixes the following issues: - CVE-2023-30577: Fixed improper argument checking for runtar.c boo1213701...

SUSE CVE-2023-30577

AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...

DEBIAN-CVE-2023-30577

AMANDA Advanced Maryland Automatic Network Disk Archiver before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705...

PT-2023-8692 · Amanda +2 · Amanda +2

Name of the Vulnerable Software and Affected Versions: AMANDA versions prior to 3.5.4 Description: The issue is related to the mishandling of argument checking for runtar.c in the AMANDA software, which can be exploited to elevate privileges. This is a different issue than previously reported...

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

DEBIAN-CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

Privilege escalation

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...

CVE-2022-37705

CVE-2022-37705 affects Amanda 3.5.1. The runtar SUID wrapper to tar mishandles arguments, enabling a backup user to escalate to root. Public notes in Debian LTS advisories confirm a fix in amanda packages (e.g., Debian 11 1:3.5.1-7+deb11u1) and CloudLinux/LT advisory references indicate tar optio...

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the...