CVE-2022-37705

NameCVE-2022-37705
DescriptionA privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1029829

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
amanda (PTS)buster1:3.5.1-2vulnerable
buster (security)1:3.5.1-2+deb10u1vulnerable
bullseye1:3.5.1-7vulnerable
sid, trixie, bookworm1:3.5.1-11fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
amandasource(unstable)1:3.5.1-101029829

Notes

[bullseye] - amanda <no-dsa> (Minor issue)
[buster] - amanda <no-dsa> (Minor issue)
https://github.com/MaherAzzouzi/CVE-2022-37705
https://github.com/zmanda/amanda/issues/192
https://marc.info/?l=amanda-hackers&m=167437716918603&w=2
https://github.com/zmanda/amanda/pull/196
https://github.com/zmanda/amanda/commit/43c5b32f46186f3ed78fe6c7503096fa9ad1236c
Search for package or bug name: Reporting problems