Zmanda Amanda 3.5.1

CPE Details

Zmanda Amanda 3.5.1
zmanda
amanda
3.5.1
2019-06-10
14h09 +00:00
2019-06-10
14h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:zmanda:amanda:3.5.1:*:*:*:*:*:*:*

Informations

Vendor

zmanda

Product

amanda

Version

3.5.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-30577 2023-07-25 22h00 +00:00 AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
7.8
High
CVE-2022-37704 2023-04-16 00h00 +00:00 Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
6.7
Medium
CVE-2022-37705 2023-04-15 22h00 +00:00 A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
6.7
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.