Lucene search

UbuntuUSN-5966-1

HistoryMar 23, 2023 - 12:00 a.m.

amanda vulnerabilities

2023-03-2300:00:00

ubuntu.com

ubuntu 22.10

ubuntu 22.04 lts

ubuntu 20.04 lts

ubuntu 18.04 esm

ubuntu 16.04 esm

ubuntu 14.04 esm

amanda

information disclosure

privilege escalation

suid binary

maher azzouzi

cve-2022-37703

cve-2022-37704

cve-2022-37705

unix

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

5.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Releases

Ubuntu 22.10
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

amanda - Advanced Maryland Automatic Network Disk Archiver (Client)

Details

Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)

Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)

Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.10noarchamanda-client< 1:3.5.1-9ubuntu0.1UNKNOWN
Ubuntu22.10noarchamanda-client-dbgsym< 1:3.5.1-9ubuntu0.1UNKNOWN
Ubuntu22.10noarchamanda-common< 1:3.5.1-9ubuntu0.1UNKNOWN
Ubuntu22.10noarchamanda-common-dbgsym< 1:3.5.1-9ubuntu0.1UNKNOWN
Ubuntu22.10noarchamanda-server< 1:3.5.1-9ubuntu0.1UNKNOWN
Ubuntu22.10noarchamanda-server-dbgsym< 1:3.5.1-9ubuntu0.1UNKNOWN
Ubuntu22.04noarchamanda-client< 1:3.5.1-8ubuntu1.1UNKNOWN
Ubuntu22.04noarchamanda-client-dbgsym< 1:3.5.1-8ubuntu1.1UNKNOWN
Ubuntu22.04noarchamanda-common< 1:3.5.1-8ubuntu1.1UNKNOWN
Ubuntu22.04noarchamanda-common-dbgsym< 1:3.5.1-8ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.10	noarch	amanda-client	< 1:3.5.1-9ubuntu0.1	UNKNOWN
Ubuntu	22.10	noarch	amanda-client-dbgsym	< 1:3.5.1-9ubuntu0.1	UNKNOWN
Ubuntu	22.10	noarch	amanda-common	< 1:3.5.1-9ubuntu0.1	UNKNOWN
Ubuntu	22.10	noarch	amanda-common-dbgsym	< 1:3.5.1-9ubuntu0.1	UNKNOWN
Ubuntu	22.10	noarch	amanda-server	< 1:3.5.1-9ubuntu0.1	UNKNOWN
Ubuntu	22.10	noarch	amanda-server-dbgsym	< 1:3.5.1-9ubuntu0.1	UNKNOWN
Ubuntu	22.04	noarch	amanda-client	< 1:3.5.1-8ubuntu1.1	UNKNOWN
Ubuntu	22.04	noarch	amanda-client-dbgsym	< 1:3.5.1-8ubuntu1.1	UNKNOWN
Ubuntu	22.04	noarch	amanda-common	< 1:3.5.1-8ubuntu1.1	UNKNOWN
Ubuntu	22.04	noarch	amanda-common-dbgsym	< 1:3.5.1-8ubuntu1.1	UNKNOWN