CVE-2022-37704

MEDIUM

Amanda 3.5.1 - Privilege Escalation via rundump SUID Binary

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-37704. PoCs published by MaherAzzouzi.

AI-analyzed exploit summary The repository describes a local privilege escalation (LPE) vulnerability in Amanda 3.5.1, where the SUID binary `/lib/amanda/rundump` executes `/usr/sbin/dump` with attacker-controlled arguments, leading to privilege escalation, denial of service, or information disclosure. The root cause is the untrusted execution of `execve(dump_program, argv, env)` in `rundump.c`.

Description

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

Exploits (1)

nomisec WRITEUP 3 stars
by MaherAzzouzi · poc
https://github.com/MaherAzzouzi/CVE-2022-37704

The repository describes a local privilege escalation (LPE) vulnerability in Amanda 3.5.1, where the SUID binary `/lib/amanda/rundump` executes `/usr/sbin/dump` with attacker-controlled arguments, leading to privilege escalation, denial of service, or information disclosure. The root cause is the untrusted execution of `execve(dump_program, argv, env)` in `rundump.c`.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Amanda 3.5.1
No auth needed
Prerequisites: Local access to the system · Presence of Amanda 3.5.1 with the vulnerable SUID binary
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (12)

Core 12
Core References

Scores

CVSS v3 6.7
EPSS 0.0053
EPSS Percentile 40.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (1)
zmanda/amanda 3.5.1
Published Apr 16, 2023
Tracked Since Feb 18, 2026