rpm package
opensuse/amanda&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/amanda&distro=openSUSE%20Leap%2015.4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-30577 | — | < 3.5.1-bp154.3.6.1 | 3.5.1-bp154.3.6.1 | Jul 26, 2023 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | ||
| CVE-2022-37705 | — | < 3.5.1-bp154.3.3.1 | 3.5.1-bp154.3.3.1 | Apr 16, 2023 | A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mish | ||
| CVE-2022-37704 | — | < 3.5.1-bp154.3.3.1 | 3.5.1-bp154.3.3.1 | Apr 16, 2023 | Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and informa |
- CVE-2023-30577Jul 26, 2023affected < 3.5.1-bp154.3.6.1fixed 3.5.1-bp154.3.6.1
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
- CVE-2022-37705Apr 16, 2023affected < 3.5.1-bp154.3.3.1fixed 3.5.1-bp154.3.3.1
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mish
- CVE-2022-37704Apr 16, 2023affected < 3.5.1-bp154.3.3.1fixed 3.5.1-bp154.3.3.1
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and informa