USN-5966-1
- Source
- https://ubuntu.com/security/notices/USN-5966-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5966-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-5966-1
- Related
- Published
- 2023-03-23T06:20:37.050031Z
- Modified
- 2023-03-23T06:20:37.050031Z
- Summary
- amanda vulnerabilities
- Details
-
Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. (CVE-2022-37703)
Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37704)
Maher Azzouzi discovered a privilege escalation vulnerability in the runtar binary within amanda. runtar is a suid binary owned by root that did not perform adequate sanitization of commandline options and could possibly be used by a malicious local attacker to escalate privileges. (CVE-2022-37705)
- References
Affected packages
Ubuntu:14.04:LTS / amanda
Package
- Name
- amanda
- Purl
- pkg:deb/ubuntu/amanda@1:3.3.3-2ubuntu1.1+esm1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.3.3-2ubuntu1.1+esm1
Affected versions
1:3.*
1:3.3.3-2
1:3.3.3-2build1
1:3.3.3-2ubuntu1
1:3.3.3-2ubuntu1.1
1:3.3.3-2ubuntu1.1+actuallyesm2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:3.3.3-2ubuntu1.1",
"binary_name": "amanda-client"
},
{
"binary_version": "1:3.3.3-2ubuntu1.1",
"binary_name": "amanda-common"
},
{
"binary_version": "1:3.3.3-2ubuntu1.1",
"binary_name": "amanda-server"
}
]
}
Ubuntu:16.04:LTS / amanda
Package
- Name
- amanda
- Purl
- pkg:deb/ubuntu/amanda@1:3.3.6-4.1ubuntu0.1+esm1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.3.6-4.1ubuntu0.1+esm1
Affected versions
1:3.*
1:3.3.6-4
1:3.3.6-4.1
1:3.3.6-4.1ubuntu0.1
1:3.3.6-4.1ubuntu0.1+actuallyesm2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:3.3.6-4.1ubuntu0.1",
"binary_name": "amanda-client"
},
{
"binary_version": "1:3.3.6-4.1ubuntu0.1",
"binary_name": "amanda-common"
},
{
"binary_version": "1:3.3.6-4.1ubuntu0.1",
"binary_name": "amanda-server"
}
]
}
Ubuntu:18.04:LTS / amanda
Package
- Name
- amanda
- Purl
- pkg:deb/ubuntu/amanda@1:3.5.1-1ubuntu0.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.1-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:3.5.1-1ubuntu0.1",
"binary_name": "amanda-client"
},
{
"binary_version": "1:3.5.1-1ubuntu0.1",
"binary_name": "amanda-client-dbgsym"
},
{
"binary_version": "1:3.5.1-1ubuntu0.1",
"binary_name": "amanda-common"
},
{
"binary_version": "1:3.5.1-1ubuntu0.1",
"binary_name": "amanda-common-dbgsym"
},
{
"binary_version": "1:3.5.1-1ubuntu0.1",
"binary_name": "amanda-server"
},
{
"binary_version": "1:3.5.1-1ubuntu0.1",
"binary_name": "amanda-server-dbgsym"
}
]
}
Ubuntu:20.04:LTS / amanda
Package
- Name
- amanda
- Purl
- pkg:deb/ubuntu/amanda@1:3.5.1-2ubuntu0.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.1-2ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:3.5.1-2ubuntu0.1",
"binary_name": "amanda-client"
},
{
"binary_version": "1:3.5.1-2ubuntu0.1",
"binary_name": "amanda-client-dbgsym"
},
{
"binary_version": "1:3.5.1-2ubuntu0.1",
"binary_name": "amanda-common"
},
{
"binary_version": "1:3.5.1-2ubuntu0.1",
"binary_name": "amanda-common-dbgsym"
},
{
"binary_version": "1:3.5.1-2ubuntu0.1",
"binary_name": "amanda-server"
},
{
"binary_version": "1:3.5.1-2ubuntu0.1",
"binary_name": "amanda-server-dbgsym"
}
]
}
Ubuntu:22.04:LTS / amanda
Package
- Name
- amanda
- Purl
- pkg:deb/ubuntu/amanda@1:3.5.1-8ubuntu1.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.1-8ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:3.5.1-8ubuntu1.1",
"binary_name": "amanda-client"
},
{
"binary_version": "1:3.5.1-8ubuntu1.1",
"binary_name": "amanda-client-dbgsym"
},
{
"binary_version": "1:3.5.1-8ubuntu1.1",
"binary_name": "amanda-common"
},
{
"binary_version": "1:3.5.1-8ubuntu1.1",
"binary_name": "amanda-common-dbgsym"
},
{
"binary_version": "1:3.5.1-8ubuntu1.1",
"binary_name": "amanda-server"
},
{
"binary_version": "1:3.5.1-8ubuntu1.1",
"binary_name": "amanda-server-dbgsym"
}
]
}