Source: ubuntucve, Ubuntu.com, UB:CVE-2022-37705
History: Jan 30, 2023 - 12:00 a.m.

CVE-2022-37705

Tags: privilege escalation, amanda 3.5.1, backup user, root privileges, runtar suid program, vulnerable component, specific arguments, mishandling arguments

CVSS3: 6.7 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low
Percentile: 9.6%

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup
user can acquire root privileges. The vulnerable component is the runtar
SUID program, which is a wrapper to run /usr/bin/tar with specific
arguments that are controllable by the attacker. This program mishandles
the arguments passed to the tar binary (it expects that the argument name and
value are separated with a space; however, separating them with an equals
sign is also supported),
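
The parsing mismatch described above, seen from the defender's side, as an added example that is not Amanda's or Ubuntu's code: an argument check for a privileged tar wrapper that treats `--name value` and `--name=value` as the same option and rejects anything not on its list. The allowlist entries, `lookup` and `args_allowed` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allowlist for illustration; not Amanda's actual list. */
struct opt { const char *name; int takes_value; };
static const struct opt allowed[] = {
    { "--create", 0 }, { "--directory", 1 },
    { "--file", 1 },   { "--listed-incremental", 1 },
};

/* Exact match on the option name only (the part before any '='). */
static const struct opt *lookup(const char *arg, size_t len)
{
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strlen(allowed[i].name) == len &&
            memcmp(allowed[i].name, arg, len) == 0)
            return &allowed[i];
    return NULL;
}

/* Returns 1 if every argument is permitted, 0 otherwise. */
int args_allowed(int argc, char *const argv[])
{
    for (int i = 0; i < argc; i++) {
        const char *arg = argv[i];
        if (arg[0] != '-')
            continue;                      /* positional operand */
        const char *eq = strchr(arg, '=');
        size_t len = eq ? (size_t)(eq - arg) : strlen(arg);
        const struct opt *o = lookup(arg, len);
        if (o == NULL)
            return 0;   /* unlisted, short, or abbreviated option */
        if (eq != NULL && !o->takes_value)
            return 0;   /* value attached to a flag that takes none */
        if (eq == NULL && o->takes_value && ++i >= argc)
            return 0;   /* separated form, but the value is missing */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample input. */
    char *sample[] = { "--create", "--file=/tmp/x.tar", "--bogus=1" };
    printf("%s\n", args_allowed(3, sample) ? "allowed" : "rejected");
    return 0;
}
```

Because the name is compared exactly, abbreviated long options, which GNU getopt_long accepts when unambiguous, are rejected along with every short option.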

Bugs

OS      Version  Architecture  Package  Version                 Filename
ubuntu  18.04    noarch        amanda   < 1:3.5.1-1ubuntu0.3    UNKNOWN
ubuntu  20.04    noarch        amanda   < 1:3.5.1-2ubuntu0.3    UNKNOWN
ubuntu  22.04    noarch        amanda   < 1:3.5.1-8ubuntu1.3    UNKNOWN
ubuntu  22.10    noarch        amanda   < 1:3.5.1-9ubuntu0.3    UNKNOWN
ubuntu  23.04    noarch        amanda   < 1:3.5.1-11            UNKNOWN
