An issue exists in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zmanda amanda 3.3.1 |
||
redhat enterprise linux 7.0 |
||
debian debian linux 8.0 |
||
debian debian linux 10.0 |
||
debian debian linux 7.0 |
||
debian debian linux 9.0 |