Amanda

amanda

Vendor: Zmanda • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-30577 1Zmanda 1Amanda Nov 4, 2025 Jul 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
CVE-2022-37705 1Zmanda 1Amanda Nov 4, 2025 Apr 16, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific argume...Show more A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),Show less
CVE-2022-37704 1Zmanda 1Amanda Nov 4, 2025 Apr 16, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead...Show more Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.Show less
CVE-2019-19469 1Zmanda 1Amanda Nov 21, 2024 Dec 1, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
CVE-2016-10730 2Redhat Zmanda 2Amanda Enterprise Linux Nov 21, 2024 Oct 24, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to b...Show more An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.Show less
CVE-2016-10729 3Debian RedhatZmanda 3Amanda Debian LinuxEnterprise Linux Nov 21, 2024 Oct 24, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allo...Show more An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.Show less