AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3880 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3880-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                          Adrian Bunk     September 07, 2024                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : amanda     Version        : 1:3.5.1-7+deb11u1     CVE ID         : CVE-2022-37703 CVE-2022-37704 CVE-2022-37705 CVE-2023-30577     Debian Bug     : 1021017 1029829 1055253

    Multiple vulnerabilities have been fixed in the Amanda backup system.

    CVE-2022-37703

        Directory existence disclosure

    CVE-2022-37704

        Privilege escalation in rundump

    CVE-2022-37705

        Privilege escalation in runtar

    CVE-2023-30577

        Privilege escalation in runtar

    For Debian 11 bullseye, these problems have been fixed in version     1:3.5.1-7+deb11u1.

    We recommend that you upgrade your amanda packages.

    For the detailed security status of amanda please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/amanda

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6614-1 advisory.

    It was discovered that amanda did not properly check certain arguments. A local unprivileged attacker     could possibly use this issue to perform a

    privilege escalation attack.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the amanda packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument     checking for runtar.c, a different vulnerability than CVE-2022-37705. (CVE-2023-30577)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3681 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3681-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                         Tobias Frost     December 03, 2023                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : amanda     Version        : 1:3.5.1-2+deb10u2     CVE ID         : CVE-2022-37703 CVE-2022-37705 CVE-2023-30577     Debian Bug     : 1021017 1029829 1055253

    Multiple vulnerabilties have been found in Amanda,a backup system     designed to archive many computers on a network to a single     large-capacity tape drive. The vulnerabilties potentially allows local     privilege escalation from the backup user to root or leak information     whether a directory exists in the filesystem.

    CVE-2022-37703

        In Amanda 3.5.1, an information leak vulnerability was found in the         calcsize SUID binary. An attacker can abuse this vulnerability to         know if a directory exists or not anywhere in the fs. The binary         will use `opendir()` as root directly without checking the path,         letting the attacker provide an arbitrary path.


    CVE-2022-37705

        A privilege escalation flaw was found in Amanda 3.5.1 in which the         backup user can acquire root privileges. The vulnerable component is         the runtar SUID program, which is a wrapper to run /usr/bin/tar with         specific arguments that are controllable by the attacker. This         program mishandles the arguments passed to tar binary.

    CVE-2023-30577

        The SUID binary runtar can accept the possibly malicious GNU tar         options if fed with some non-argument option starting with
        --exclude (say --exclude-vcs). The following option will be         accepted as good and it could be an option passing some         script/binary that would be executed with root permissions.

    For Debian 10 buster, these problems have been fixed in version     1:3.5.1-2+deb10u2.

    We recommend that you upgrade your amanda packages.

    For the detailed security status of amanda please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/amanda

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of amanda installed on the remote host is prior to 3.3.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2218 advisory.

    An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client     installation. The runtar setuid root binary does not check for additional arguments supplied after
    --create, allowing users to manipulate commands and perform command injection as root. (CVE-2016-10729)

    An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client     installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses     star to backup and restore data. It runs binaries with root permissions when parsing the command line     argument --star-path. (CVE-2016-10730)

    AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument     checking for runtar.c, a different vulnerability than CVE-2022-37705. (CVE-2023-30577)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of amanda installed on the remote host is prior to 2.6.1p2-8.14. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1808 advisory.

    An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client     installation. The runtar setuid root binary does not check for additional arguments supplied after
    --create, allowing users to manipulate commands and perform command injection as root. (CVE-2016-10729)

    AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument     checking for runtar.c, a different vulnerability than CVE-2022-37705. (CVE-2023-30577)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-566e354e4a advisory.

    Update to new upstream version 3.5.4.  This brings a fix for a security issue, CVE-2023-30577.
    This update also fixes the manual pages.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4db1d56125 advisory.

    Update to new upstream version 3.5.4.  This brings a fix for a security issue, CVE-2023-30577.
    This update also fixes the manual pages.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0206-1 advisory.

  - AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument     checking for runtar.c, a different vulnerability than CVE-2022-37705. (CVE-2023-30577)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0205-1 advisory.

  - AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument     checking for runtar.c, a different vulnerability than CVE-2022-37705. (CVE-2023-30577)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
206763	Debian dla-3880 : amanda-client - security update	Nessus	Debian Local Security Checks	high
189777	Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : amanda vulnerability (USN-6614-1)	Nessus	Ubuntu Local Security Checks	high
188404	EulerOS 2.0 SP8 : amanda (EulerOS-SA-2023-3112)	Nessus	Huawei Local Security Checks	high
186524	Debian dla-3681 : amanda-client - security update	Nessus	Debian Local Security Checks	high
180092	Amazon Linux 2 : amanda (ALAS-2023-2218)	Nessus	Amazon Linux Local Security Checks	high
180081	Amazon Linux AMI : amanda (ALAS-2023-1808)	Nessus	Amazon Linux Local Security Checks	high
179380	Fedora 37 : amanda (2023-566e354e4a)	Nessus	Fedora Local Security Checks	high
179377	Fedora 38 : amanda (2023-4db1d56125)	Nessus	Fedora Local Security Checks	high
179374	openSUSE 15 Security Update : amanda (openSUSE-SU-2023:0206-1)	Nessus	SuSE Local Security Checks	high
179373	openSUSE 15 Security Update : amanda (openSUSE-SU-2023:0205-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2023-30577

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high