
CVE-2022-37704

Published: 07 Feb 2023
Source: redhat
CVSS3: 6.7
EPSS: Low

Description

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

A flaw was found in Amanda. The rundump SUID binary executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root.

Report

This flaw has been rated Low on Red Hat Enterprise Linux since unprivileged users can't pass arbitrary arguments to the rundump SUID binary. By default, only users in the "disk" group can execute the rundump binary on RHEL.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | amanda | Out of support scope | | |
| Red Hat Enterprise Linux 7 | amanda | Out of support scope | | |
| Red Hat Enterprise Linux 8 | amanda | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-269
https://bugzilla.redhat.com/show_bug.cgi?id=2167743 amanda: rundump: crafted arguments can lead to local privilege escalation

EPSS: 0.00089 (Low), percentile: 26%

CVSS3: 6.7 Medium

Related vulnerabilities

CVSS3: 6.7
ubuntu
more than 2 years ago

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

CVSS3: 6.7
nvd
more than 2 years ago

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

CVSS3: 6.7
debian
more than 2 years ago

Amanda 3.5.1 allows privilege escalation from the regular user backup ...

CVSS3: 7.8
github
more than 2 years ago

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

suse-cvrf
more than 2 years ago

Security update for amanda
