CVE-2022-37705Argument Injection in Amanda

CWE-88Argument InjectionCWE-20Improper Input ValidationCWE-269Improper Privilege Management15 documents6 sources
Severity
7.8HIGHNVD
NVD6.7OSV6.7OSV3.3
EPSS
3.6%
top 12.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
AmandaZmanda AmandaDebian Amanda
Timeline
PublishedApr 16
Latest updateJul 26

Description

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

NVDzmanda/amanda< 3.5.4+1
debiandebian/amanda< amanda 1:3.5.1-10 (bookworm)+1
Debianamanda/amanda< 1:3.5.1-7+deb11u1+4
Ubuntuamanda/amanda< 1:3.3.3-2ubuntu1.1+esm1+12

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

6
OSV
CVE-2023-30577: AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-32023-07-26
OSV
CVE-2022-37705: A privilege escalation flaw was found in Amanda 32023-04-16
GHSA
GHSA-f6f6-98vp-w8mf: A privilege escalation flaw was found in Amanda 32023-04-16
OSV
amanda regression2023-04-03
OSV
amanda vulnerabilities2023-03-23

📋Vendor Advisories

7
Red Hat
amanda: Improper argument checking for runtar.c2023-06-27
Ubuntu
amanda regression2023-04-03
Ubuntu
amanda vulnerabilities2023-03-23
Ubuntu
amanda regression2023-03-23
Red Hat
amanda: runtar: crafted arguments can lead to local privilege escalation2023-02-07