CVE-2022-37704 — Command Injection in Amanda

CWE-77 — Command Injection CWE-269 — Improper Privilege Management11 documents6 sources

Severity

6.7MEDIUMNVD

OSV3.3

EPSS

0.1%

top 69.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Amanda Debian Amanda Zmanda Amanda

Timeline

PublishedApr 16

Description

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/amanda< amanda 1:3.5.1-10 (bookworm)

▶Debianamanda/amanda< 1:3.5.1-7+deb11u1+2

▶Ubuntuamanda/amanda< 1:3.3.3-2ubuntu1.1+esm1+12

▶NVDzmanda/amanda3.5.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-2699-8r69-fq67: Amanda 3↗2023-04-16

▶

OSV

CVE-2022-37704: Amanda 3↗2023-04-16

▶

OSV

amanda regression↗2023-04-03

▶

OSV

amanda vulnerabilities↗2023-03-23

▶

OSV

amanda regression↗2023-03-23

▶

📋Vendor Advisories

Ubuntu

amanda regression↗2023-04-03

▶

Ubuntu

amanda vulnerabilities↗2023-03-23

▶

Ubuntu

amanda regression↗2023-03-23

▶

Red Hat

amanda: rundump: crafted arguments can lead to local privilege escalation↗2023-02-07

▶

Debian

CVE-2022-37704: amanda - Amanda 3.5.1 allows privilege escalation from the regular user backup to root. T...↗2022

▶