DescriptionA privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1029829

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amanda (PTS)buster1:3.5.1-2vulnerable
buster (security)1:3.5.1-2+deb10u1vulnerable
sid, trixie, bookworm1:3.5.1-11fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[bullseye] - amanda <no-dsa> (Minor issue)
[buster] - amanda <no-dsa> (Minor issue)

Search for package or bug name: Reporting problems