Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-37705

Published: 16/04/2023 Updated: 03/12/2023
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 0
Subscribe to Amanda

Vulnerability Summary

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zmanda amanda 3.5.1

Vendor Advisories

Debian CVElist Bug Report Logs: amanda: CVE-2022-37704 CVE-2022-37705
Debian Bug report logs - #1029829 amanda: CVE-2022-37704 CVE-2022-37705 Package: src:amanda; Maintainer for src:amanda is Jose M Calhariz <calhariz@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 28 Jan 2023 13:03:01 UTC Severity: grave Tags: security, upstream Found in version amanda/1 ...
Debian CVElist Bug Report Logs: amanda: CVE-2023-30577
Debian Bug report logs - #1055253 amanda: CVE-2023-30577 Package: src:amanda; Maintainer for src:amanda is Jose M Calhariz <calhariz@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 2 Nov 2023 20:54:02 UTC Severity: grave Tags: security, upstream Found in versions amanda/1:351-11, ama ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

Github Repositories

https://github.com/MaherAzzouzi/CVE-2022-37705

Amanda 3.5.1 second LPE.

[Suggested description] A privilege escalation flaw was found on Amanda 351 that can take backup user to root privileges The vulnerable component is the runtar SUID that is just a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker The program does not check correctly the args passed to tar binary (it assumes that all args should be lik

References

CWE-88http://www.amanda.org/https://github.com/zmanda/amanda/pull/194https://github.com/zmanda/amanda/pull/196https://github.com/MaherAzzouzi/CVE-2022-37705https://github.com/zmanda/amanda/pull/204https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3https://github.com/zmanda/amanda/issues/192https://marc.info/?l=amanda-hackershttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/https://lists.debian.org/debian-lts-announce/2023/12/msg00003.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029829https://github.com/MaherAzzouzi/CVE-2022-37705https://access.redhat.com/security/cve/cve-2022-37705
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook