6.7

CVE-2022-37705

Exploit
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZmandaAmanda Version3.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.25% 0.654
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.amanda.org/
Product
https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3
https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/
https://github.com/zmanda/amanda/issues/192
https://marc.info/?l=amanda-hackers
https://github.com/MaherAzzouzi/CVE-2022-37705
Third Party Advisory
Exploit
https://github.com/zmanda/amanda/pull/194
Patch
https://github.com/zmanda/amanda/pull/196
Patch
https://github.com/zmanda/amanda/pull/204
Patch
https://lists.debian.org/debian-lts-announce/2024/09/msg00023.html