Updated: 2025-11-10 01:42:22.632594
Description:
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with attacker-controlled arguments, which may lead to escalation of privileges, denial of service, and information disclosure.

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 6.7 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | amanda | 2.6.1p2 | 6.7 | MEDIUM | Ignored | | 2023-03-27 03:08:37 | Ignored due to low severity |
| CentOS 8.4 ELS | amanda | 3.5.1 | 6.7 | MEDIUM | Ignored | | 2023-03-27 03:08:37 | Ignored due to low severity |
| CentOS 8.5 ELS | amanda | 3.5.1 | 6.7 | MEDIUM | Ignored | | 2023-03-27 03:08:37 | Ignored due to low severity |
| CloudLinux 6 ELS | amanda | 2.6.1p2 | 6.7 | MEDIUM | Ignored | | 2023-03-27 03:08:39 | Ignored due to low severity |
| Oracle Linux 6 ELS | amanda | 2.6.1p2 | 6.7 | MEDIUM | Ignored | | 2023-03-27 03:08:37 | Ignored due to low severity |
| Ubuntu 16.04 ELS | amanda | 3.3.6 | 6.7 | MEDIUM | Ignored | | 2023-06-28 14:06:09 | Ignored due to low severity score |
| Ubuntu 18.04 ELS | amanda | 3.5.1 | 6.7 | MEDIUM | Already Fixed | | 2023-06-28 14:06:09 | |