Описание
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1:3.5.1-1build2 |
| cosmic | not-affected | 1:3.5.1-1build2 |
| devel | not-affected | 1:3.5.1-1build2 |
| disco | not-affected | 1:3.5.1-1build2 |
| eoan | not-affected | 1:3.5.1-1build2 |
| esm-apps/bionic | not-affected | 1:3.5.1-1build2 |
| esm-apps/focal | not-affected | 1:3.5.1-1build2 |
| esm-apps/jammy | not-affected | 1:3.5.1-1build2 |
| esm-apps/noble | not-affected | 1:3.5.1-1build2 |
| esm-apps/xenial | needed |
Показывать по
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.
An issue was discovered in Amanda 3.3.1. A user with backup privileges ...
EPSS
7.2 High
CVSS2
7.8 High
CVSS3