CVE-2023-30577

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AMANDA versions prior to 3.5.4

Description The issue is related to the mishandling of argument checking for runtar.c in the AMANDA software, which can be exploited to elevate privileges. This is a different issue than previously reported problems.

Recommendations For versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the runtar.c component to minimize the risk of exploitation.

Exploit

Fix

Improper Neutralization

Argument Injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-707CWE-88CWE-74

Related Identifiers

BDU:2024-01572

CVE-2023-30577

DLA-3681-1

DLA-3880-1

GHSA-CRRW-V393-H5Q3

OESA-2023-1507

OPENSUSE-SU-2023:0205-1

OPENSUSE-SU-2023:0206-1

OPENSUSE-SU-2024:13083-1

USN-6614-1

Affected Products

Amanda

Linuxmint

Ubuntu

CVE-2023-30577

Weakness Enumeration

Related Identifiers

Affected Products

References · 36