Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-37705

Опубликовано: 16 апр. 2023
Источник: debian

Описание

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

Пакеты

ПакетСтатусВерсия исправленияРелизТип
amandafixed1:3.5.1-10package

Примечания

  • https://github.com/MaherAzzouzi/CVE-2022-37705

  • https://github.com/zmanda/amanda/issues/192

  • https://marc.info/?l=amanda-hackers&m=167437716918603&w=2

  • https://github.com/zmanda/amanda/pull/196

  • https://github.com/zmanda/amanda/commit/43c5b32f46186f3ed78fe6c7503096fa9ad1236c

Связанные уязвимости

ubuntu логотип

CVE-2022-37705

CVSS3: 6.7
ubuntu
почти 3 года назад

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

redhat логотип

CVE-2022-37705

CVSS3: 6.7
redhat
около 3 лет назад

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

nvd логотип

CVE-2022-37705

CVSS3: 6.7
nvd
почти 3 года назад

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

github логотип

GHSA-f6f6-98vp-w8mf

CVSS3: 7.8
github
почти 3 года назад

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),

suse-cvrf логотип

openSUSE-SU-2023:0069-1

suse-cvrf
почти 3 года назад

Security update for amanda