Vulnerability Details CVE-2022-37704
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 6.7
References
- http://www.amanda.org/
- https://github.com/MaherAzzouzi/CVE-2022-37704
- https://github.com/zmanda/amanda/issues/192
- https://github.com/zmanda/amanda/pull/197
- https://github.com/zmanda/amanda/pull/205
- https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3
- https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/
- https://marc.info/?l=amanda-hackers
- http://www.amanda.org/
- https://github.com/MaherAzzouzi/CVE-2022-37704
- https://github.com/zmanda/amanda/issues/192
- https://github.com/zmanda/amanda/pull/197
- https://github.com/zmanda/amanda/pull/205
- https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3
- https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/
- https://marc.info/?l=amanda-hackers