Lucene search

K

[email protected]NVD:CVE-2022-37703

HistorySep 13, 2022 - 8:15 p.m.

CVE-2022-37703

2022-09-1320:15:09

CWE-22

[email protected]

web.nvd.nist.gov

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

18.2%

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir() as root directly without checking the path, letting the attacker provide an arbitrary path.

Affected configurations

NVD

Node

amandaamandaMatch3.5.1

References

www.amanda.org/

bugs.gentoo.org/870037

github.com/MaherAzzouzi/CVE-2022-37703

github.com/zmanda/amanda/releases/tag/tag-community-3.5.3

lists.debian.org/debian-lts-announce/2023/12/msg00003.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

18.2%

Related for NVD:CVE-2022-37703

ubuntucve1 redhatcve1 debiancve1 prion1 cvelist1 cve1 osv5 nessus9 openvas7 ubuntu3 debian1 fedora3