First published: Sun Apr 16 2023(Updated: )
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zmanda Amanda | =3.5.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.