CVE-2022-37705 - OpenCVE

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zmanda	Amanda

Configuration 1 [-]

cpe:2.3:a:zmanda:amanda:3.5.1:*:*:*:*:*:*:*

References

Link	Resource
http://www.amanda.org/	Product
https://github.com/MaherAzzouzi/CVE-2022-37705	Exploit Third Party Advisory
https://github.com/zmanda/amanda/issues/192
https://github.com/zmanda/amanda/pull/194	Patch
https://github.com/zmanda/amanda/pull/196	Patch
https://github.com/zmanda/amanda/pull/204	Patch
https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3
https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/
https://marc.info/?l=amanda-hackers

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-16T00:00:00

Updated: 2023-12-03T11:06:18.968263

Reserved: 2022-08-08T00:00:00

Link: CVE-2022-37705

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-16T01:15:06.867

Modified: 2023-12-03T11:15:08.970

Link: CVE-2022-37705

JSON object: View

Redhat Information

No data.

CWE

CWE-88

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-37705", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-12-03T11:06:18.968263", "dateReserved": "2022-08-08T00:00:00", "datePublished": "2023-04-16T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-12-03T11:06:18.968263"}, "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://www.amanda.org/"}, {"url": "https://github.com/MaherAzzouzi/CVE-2022-37705"}, {"url": "https://github.com/zmanda/amanda/issues/192"}, {"url": "https://marc.info/?l=amanda-hackers"}, {"name": "FEDORA-2023-3d0619d767", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/"}, {"name": "FEDORA-2023-1293196f34", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/"}, {"name": "FEDORA-2023-e295804b3d", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/"}, {"url": "https://github.com/zmanda/amanda/pull/194"}, {"url": "https://github.com/zmanda/amanda/pull/196"}, {"url": "https://github.com/zmanda/amanda/pull/204"}, {"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"}, {"name": "[debian-lts-announce] 20231203 [SECURITY] [DLA 3681-1] amanda security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zmanda:amanda:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D565A85-008D-4DCC-986C-15A258762DEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),"}], "id": "CVE-2022-37705", "lastModified": "2023-12-03T11:15:08.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-16T01:15:06.867", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://www.amanda.org/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/MaherAzzouzi/CVE-2022-37705"}, {"source": "cve@mitre.org", "url": "https://github.com/zmanda/amanda/issues/192"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/zmanda/amanda/pull/194"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/zmanda/amanda/pull/196"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/zmanda/amanda/pull/204"}, {"source": "cve@mitre.org", "url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/"}, {"source": "cve@mitre.org", "url": "https://marc.info/?l=amanda-hackers"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}