CVE-2022-37704

NameCVE-2022-37704
DescriptionAmanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3330-1, DLA-3880-1
Debian Bugs1029829

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amanda (PTS)bullseye1:3.5.1-7vulnerable
bullseye (security)1:3.5.1-7+deb11u1fixed
bookworm1:3.5.1-11+deb12u1fixed
sid, trixie1:3.5.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
amandasourcebuster1:3.5.1-2+deb10u1DLA-3330-1
amandasourcebullseye1:3.5.1-7+deb11u1DLA-3880-1
amandasource(unstable)1:3.5.1-101029829

Notes

https://github.com/MaherAzzouzi/CVE-2022-37704
https://github.com/zmanda/amanda/issues/192
https://marc.info/?l=amanda-hackers&m=167437716918603&w=2
https://github.com/zmanda/amanda/pull/197
https://github.com/zmanda/amanda/commit/e890d08e16ea0621966a7ae35cce53ccb44a472e
Followup: https://github.com/zmanda/amanda/pull/202
Followup: https://github.com/zmanda/amanda/pull/205

Search for package or bug name: Reporting problems