Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
amanda vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2002-0901
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote malicious users to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to...
Amanda Amanda 2.3.0.4
NA
CVE-2022-37703
In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the atta...
Amanda Amanda 3.5.1
NA
CVE-2023-30577
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
Zmanda Amanda
NA
CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and informa...
Zmanda Amanda 3.5.1
1 Github repository
NA
CVE-2022-37705
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mish...
Zmanda Amanda 3.5.1
1 Github repository
6.8
CVSSv2
CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
Zmanda Amanda 3.3.9
1 Github repository
7.2
CVSSv2
CVE-2016-10730
An issue exists in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when ...
Zmanda Amanda 3.3.1
Redhat Enterprise Linux 7.0
7.2
CVSSv2
CVE-2016-10729
An issue exists in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command inje...
Zmanda Amanda 3.3.1
Redhat Enterprise Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
7.2
CVSSv2
CVE-1999-1517
runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user to overwrite or read arbitrary files by providing the target files to runtar.
Freebsd Freebsd 3.3
7.5
CVSSv2
CVE-1999-0972
Buffer overflow in Xshipwars xsw program.
Wolfpack Development Xshipwars 1.0
Wolfpack Development Xshipwars 1.2.4
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started