cvrf2cusa/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json
Jia Chao fd42fc96e3 release v0.1.2
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-08-01 10:25:22 +08:00

{
"id": "openEuler-SA-2023-1149",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1149",
"title": "An update for amanda is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
"severity": "Medium",
"description": "AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools (such as GNUtar, dump) for backup and can back up a large number of workstations running multiple versions of Unix/Mac OS X/Linux/Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Amanda. The `runtar` SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user \"amandabackup\" to root.(CVE-2022-37705)\r\n\r\nA flaw was found in Amanda. The `rundump` SUID binary executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user \"amandabackup\" to root.(CVE-2022-37704)",
"cves": [
{
"id": "CVE-2022-37704",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37704",
"severity": "Medium"
}
]
}