Vulnerabilities for 'Amanda'

2019-12-01
 
CVE-2019-19469

CWE-352
 

 
In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials.

 
2018-10-24
 
CVE-2016-10730

CWE-264
 

 
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to back up and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.

 
 
CVE-2016-10729

CWE-77
 

 
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

 



Copyright 2021, cxsecurity.com

 
