CVE-2022-37705

2023-04-1601:15:06

Debian Security Bug Tracker

security-tracker.debian.org

amanda vulnerability

privilege escalation

runtar suid program

root privileges

tar binary

attacker control

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.6%

JSON

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

OSVersionArchitecturePackageVersionFilename
Debian12allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb
Debian11allamanda<= 1:3.5.1-7amanda_1:3.5.1-7_all.deb
Debian10allamanda< 1:3.5.1-2+deb10u2amanda_1:3.5.1-2+deb10u2_all.deb
Debian999allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb
Debian13allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb
Debian	11	all	amanda	<= 1:3.5.1-7	amanda_1:3.5.1-7_all.deb
Debian	10	all	amanda	< 1:3.5.1-2+deb10u2	amanda_1:3.5.1-2+deb10u2_all.deb
Debian	999	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb
Debian	13	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb