The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3681 advisory.

  - In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can     abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use     `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.
    (CVE-2022-37703)

  - A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root     privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar     with specific arguments that are controllable by the attacker. This program mishandles the arguments     passed to tar binary (it expects that the argument name and value are separated with a space; however,     separating them with an equals sign is also supported), (CVE-2022-37705)

  - AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument     checking for runtar.c, a different vulnerability than CVE-2022-37705. (CVE-2023-30577)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DLA-3681-1 : amanda - LTS security update

high Nessus Plugin ID 186524

Version 1.0