rpm package
opensuse/amanda&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/amanda&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-30577 | — | < 3.5.4-1.1 | 3.5.4-1.1 | Jul 26, 2023 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | ||
| CVE-2022-37705 | — | < 3.5.2-3.1 | 3.5.2-3.1 | Apr 16, 2023 | A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mish | ||
| CVE-2022-37704 | — | < 3.5.3-1.1 | 3.5.3-1.1 | Apr 16, 2023 | Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and informa | ||
| CVE-2022-37703 | — | < 3.5.3-1.1 | 3.5.3-1.1 | Sep 13, 2022 | In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the atta |
- CVE-2023-30577Jul 26, 2023affected < 3.5.4-1.1fixed 3.5.4-1.1
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
- CVE-2022-37705Apr 16, 2023affected < 3.5.2-3.1fixed 3.5.2-3.1
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mish
- CVE-2022-37704Apr 16, 2023affected < 3.5.3-1.1fixed 3.5.3-1.1
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and informa
- CVE-2022-37703Sep 13, 2022affected < 3.5.3-1.1fixed 3.5.3-1.1
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the atta