Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.4%
CVSS Severity
CVSS v3 Score 6.7
References
Products affected by CVE-2022-37705
  • Zmanda » Amanda » Version: 3.5.1
    cpe:2.3:a:zmanda:amanda:3.5.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved