Описание
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir() as root directly without checking the path, letting the attacker provide an arbitrary path.
An information leak vulnerability was found in Amanda in the calcsize SUID binary. This flaw allows an attacker to know if a directory exists or not anywhere in the fs. The binary will use opendir() as root directly without checking the path, letting the attacker provide an arbitrary path.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | amanda | Out of support scope | ||
| Red Hat Enterprise Linux 7 | amanda | Out of support scope | ||
| Red Hat Enterprise Linux 8 | amanda | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
2.3 Low
CVSS3
Связанные уязвимости
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.
In Amanda 3.5.1, an information leak vulnerability was found in the ca ...
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.
EPSS
2.3 Low
CVSS3