Download
| Alert*
oval:org.secpod.oval:def:89002291
This update for amanda fixes the following issues: Security issue fixed: - CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options . oval:org.secpod.oval:def:2001457 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. oval:org.secpod.oval:def:1701567 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. An issu ... oval:org.secpod.oval:def:1601773 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The 'runtar' setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. AMANDA ... |