Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-16T00:00:00
Updated: 2023-06-06T00:00:00
Reserved: 2022-08-08T00:00:00
Link: CVE-2022-37704
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-16T01:15:06.823
Modified: 2023-11-07T03:49:53.003
Link: CVE-2022-37704
JSON object: View
Redhat Information
No data.
CWE