Zmanda Amanda
By the Year
In 2024 there have been 0 vulnerabilities in Zmanda Amanda . Last year Amanda had 3 security vulnerabilities published. Right now, Amanda is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 7.07 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 8.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Amanda vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Zmanda Amanda Security Vulnerabilities
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c
CVE-2023-30577
7.8 - High
- July 26, 2023
AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.
Argument Injection
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges
CVE-2022-37705
6.7 - Medium
- April 16, 2023
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
Argument Injection
Amanda 3.5.1 allows privilege escalation from the regular user backup to root
CVE-2022-37704
6.7 - Medium
- April 16, 2023
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
Command Injection
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command=
CVE-2019-19469
8.8 - High
- December 01, 2019
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.
Shell injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Zmanda Amanda or by Zmanda? Click the Watch button to subscribe.