zmanda/amanda

zmanda/amanda

Releases245

Frequency3 weeks 3 days

Last Release almost 3 years ago

Stars265

Amanda Network Backup

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-30577 ↗	Jul 26, 2023Wednesday, 26 July 2023, 17:15	7.8 HIGH	—
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
CVE-2022-37704 ↗	Apr 16, 2023Sunday, 16 April 2023, 01:15	6.7 MEDIUM	—
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
CVE-2022-37705 ↗	Apr 16, 2023Sunday, 16 April 2023, 01:15	6.7 MEDIUM	—
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),