Description
Amanda 3.5.1 allows privilege escalation from the unprivileged Amanda client account (the regular user backup) to root. The SUID binary at /lib/amanda/rundump executes /usr/sbin/dump as root with attacker-controlled arguments, which may lead to escalation of privileges, denial of service, and information disclosure. The setuid bit exists so that the client account can run dump at all; the consequence is that any principal able to execute code as that account can choose the flags dump runs with as root. The installed path is distribution-dependent (the advisory names /lib/amanda/rundump); confirming that the installed rundump is setuid root and belongs to version 3.5.1 is the practical check for exposure.
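The description names the pattern (a setuid wrapper forwarding its arguments to a root-run helper) but not the code. The following C program is an added illustration written for this page; it is not Amanda's rundump source and not the upstream fix, which is tracked in the linked issue. It shows the unsafe forward-everything pattern beside an allowlist check that only lets through the argument shape a backup client is assumed to use, "<level><letters> <size> - <device>", and the accepted letters u, s and f, the stdout-only rule for f and the /dev/ rule for the operand are assumptions made for the example, not Amanda's own policy.

```c
/*
 * Constructed illustration for CWE-77 in a setuid wrapper. This is NOT
 * Amanda's rundump source and NOT the upstream fix; it only shows the
 * unsafe "forward argv to a root-run helper" pattern next to an allowlist
 * check. The "0usf <size> - <device>" shape is an assumption about how a
 * backup client typically drives dump; the accepted letters are mine.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DUMP_PATH "/usr/sbin/dump"   /* helper path as named in the advisory */

/* Vulnerable pattern: whoever can run the wrapper chooses every flag that
 * dump sees while running as root (for example where -f writes output). */
int run_unchecked(char **argv)
{
    argv[0] = DUMP_PATH;
    execv(DUMP_PATH, argv);          /* returns only on failure */
    return -1;
}

static int is_number(const char *s)
{
    if (*s == '\0') return 0;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s)) return 0;
    return 1;
}

/* Operand must be a device node path with no traversal component. */
static int is_device_path(const char *s)
{
    return strncmp(s, "/dev/", 5) == 0 && s[5] != '\0' && strstr(s, "..") == NULL;
}

/* Allowlist: argv[1] is "<level><letters>" where only u, s and f are
 * accepted; s takes a numeric size, f must be "-" (stdout) so dump can never
 * be pointed at a root-writable file; exactly one device operand follows.
 * Returns 1 if the argument list may be forwarded, 0 otherwise. */
int dump_args_allowed(int argc, char *const argv[])
{
    if (argc < 3) return 0;
    const char *opts = argv[1];
    if (!isdigit((unsigned char)opts[0])) return 0;   /* first token is the level, never a -flag */
    int i = 2;                                        /* index of the next option argument */
    for (const char *p = opts + 1; *p; p++) {
        switch (*p) {
        case 'u':                                     /* update /etc/dumpdates: no argument */
            break;
        case 's':                                     /* tape size: must be numeric */
            if (i >= argc || !is_number(argv[i])) return 0;
            i++;
            break;
        case 'f':                                     /* output file: stdout only */
            if (i >= argc || strcmp(argv[i], "-") != 0) return 0;
            i++;
            break;
        default:                                      /* any other letter refused */
            return 0;
        }
    }
    if (i != argc - 1) return 0;                      /* exactly one operand must remain */
    return is_device_path(argv[i]);
}

/* Hardened pattern: validate before exec. */
int run_checked(int argc, char **argv)
{
    if (!dump_args_allowed(argc, argv)) {
        fprintf(stderr, "rundump: refusing argument list\n");
        return -1;
    }
    return run_unchecked(argv);
}

/* Helper: split a space-separated command line (what follows the wrapper
 * name) into argv and run the allowlist over it. */
int check_cmdline(const char *line)
{
    char buf[512];
    char *argv[32];
    int argc = 0;
    if (strlen(line) >= sizeof buf) return 0;
    strcpy(buf, line);
    argv[argc++] = "rundump";
    for (char *tok = strtok(buf, " "); tok != NULL && argc < 31; tok = strtok(NULL, " "))
        argv[argc++] = tok;
    argv[argc] = NULL;
    return dump_args_allowed(argc, argv);
}

int main(void)
{
    /* Constructed inputs: a normal client invocation, and one that points
     * dump's output at a root-owned file instead of stdout. */
    printf("normal  : %d\n", check_cmdline("0usf 1048576 - /dev/sda1"));
    printf("redirect: %d\n", check_cmdline("0usf 1048576 /root/.ssh/authorized_keys /dev/sda1"));
    return 0;
}
```

The point of the allowlist is that a setuid wrapper should describe the one command line it is willing to run and refuse everything else, rather than trying to enumerate dangerous flags; dump has many options that take file paths, and a denylist would miss some. The real rundump and its fix should be taken from the linked issue tracker and vendor advisories, not from this sketch.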
Exploits (1)
References (12)
Product
http://www.amanda.org/
Third Party Advisory
https://github.com/MaherAzzouzi/CVE-2022-37704
Mailing List
https://marc.info/?l=amanda-hackers
Mailing List
https://lists.debian.org/debian-lts-announce/2023/02/msg00025.html
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/
Issue Tracking
https://github.com/zmanda/amanda/issues/192
Scores
CVSS v3
6.7
EPSS
0.0014
EPSS Percentile
33.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Products (1)
zmanda/amanda
3.5.1
Published
Apr 16, 2023
Tracked Since
Feb 18, 2026