The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3681 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3681-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                         Tobias Frost     December 03, 2023                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : amanda     Version        : 1:3.5.1-2+deb10u2     CVE ID         : CVE-2022-37703 CVE-2022-37705 CVE-2023-30577     Debian Bug     : 1021017 1029829 1055253

    Multiple vulnerabilties have been found in Amanda,a backup system     designed to archive many computers on a network to a single     large-capacity tape drive. The vulnerabilties potentially allows local     privilege escalation from the backup user to root or leak information     whether a directory exists in the filesystem.

    CVE-2022-37703

        In Amanda 3.5.1, an information leak vulnerability was found in the         calcsize SUID binary. An attacker can abuse this vulnerability to         know if a directory exists or not anywhere in the fs. The binary         will use `opendir()` as root directly without checking the path,         letting the attacker provide an arbitrary path.


    CVE-2022-37705

        A privilege escalation flaw was found in Amanda 3.5.1 in which the         backup user can acquire root privileges. The vulnerable component is         the runtar SUID program, which is a wrapper to run /usr/bin/tar with         specific arguments that are controllable by the attacker. This         program mishandles the arguments passed to tar binary.

    CVE-2023-30577

        The SUID binary runtar can accept the possibly malicious GNU tar         options if fed with some non-argument option starting with
        --exclude (say --exclude-vcs). The following option will be         accepted as good and it could be an option passing some         script/binary that would be executed with root permissions.

    For Debian 10 buster, these problems have been fixed in version     1:3.5.1-2+deb10u2.

    We recommend that you upgrade your amanda packages.

    For the detailed security status of amanda please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/amanda

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3681 : amanda-client - security update

high Nessus Plugin ID 186524

Version 1.1

Version 1.0

Version 1.1 Jan 22, 2025, 3:03 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501221503
Version 1.0 Dec 3, 2023, 4:13 PM New Plugin Feed: 202312031613