CVE-2022-37704

2023-04-1601:15:06

Debian Security Bug Tracker

security-tracker.debian.org

amanda

privilege escalation

suid

vulnerability

denial of service

information disclosure

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

OSVersionArchitecturePackageVersionFilename
Debian12allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb
Debian11allamanda<= 1:3.5.1-7amanda_1:3.5.1-7_all.deb
Debian10allamanda< 1:3.5.1-2+deb10u1amanda_1:3.5.1-2+deb10u1_all.deb
Debian999allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb
Debian13allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb
Debian	11	all	amanda	<= 1:3.5.1-7	amanda_1:3.5.1-7_all.deb
Debian	10	all	amanda	< 1:3.5.1-2+deb10u1	amanda_1:3.5.1-2+deb10u1_all.deb
Debian	999	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb
Debian	13	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb