An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to back up and restore data. It runs binaries with root permissions when parsing the command-line argument --star-path.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
https://cwe.mitre.org/data/definitions/264.html

The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
https://cwe.mitre.org/data/definitions/648.html

Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to a destination system's web server.
https://capec.mitre.org/data/definitions/107.html

An adversary gains control of a process that is assigned elevated privileges in order to execute arbitrary code with those privileges. Some processes are assigned elevated privileges on an operating system, usually through association with a particular user, group, or role. If an attacker can hijack this process, they will be able to assume its level of privilege in order to execute their own code.
https://capec.mitre.org/data/definitions/234.html

| Product | Vendor | Status |
|---|---|---|
| amanda | | Tracked |
| amanda | * | Tracked |