CVE-2023-30577

Published: 26/07/2023 Updated: 03/12/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

An issue exists in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. (CVE-2016-10729)

An issue exists in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. (CVE-2016-10730)

AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. (CVE-2023-30577)

Vulnerable Product

zmanda amanda

Vendor Advisories

Debian Bug report logs - #1055253 amanda: CVE-2023-30577 Package: src:amanda; Maintainer for src:amanda is Jose M Calhariz <calhariz@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 2 Nov 2023 20:54:02 UTC Severity: grave Tags: security, upstream Found in versions amanda/1:351-11, ama ...
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. (CVE-2016-10729) An issue was discovered in Amanda 3.3.1 ...
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. (CVE-2016-10729) AMANDA (Advanced Maryland Automatic Netw ...