Description
Security update for amanda
This update for amanda fixes the following issues:
- CVE-2022-37704: fix privilege escalation via rundump (boo#1208033, gh#zmanda/amanda#195)
- CVE-2022-37705: fix privilege escalation via runtar suid binary (boo#1208032, gh#zmanda/amanda#194)
Package list
SUSE Package Hub 15 SP4
openSUSE Leap 15.4
References
- E-Mail link for openSUSE-SU-2023:0069-1
- SUSE Security Ratings
- SUSE Bug 1208032
- SUSE Bug 1208033
- SUSE CVE CVE-2022-37704 page
- SUSE CVE CVE-2022-37705 page
Description
Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump executes /usr/sbin/dump as root with attacker-controlled arguments, which may lead to escalation of privileges, denial of service, and information disclosure.
Affected products
References
- CVE-2022-37704
- SUSE Bug 1208033
Description
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
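The argument-form mismatch described above, as an added example (not Amanda's code and not part of the advisory): a simplified C model of a wrapper check that compares whole argv elements, beside one that splits `--name=value` before checking. The option lists and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed names for illustration; NOT runtar's real option lists. */
static const char *const DENIED[]  = { "--blocked-opt", NULL };
static const char *const ALLOWED[] = { "--directory", "--file", NULL };

/* Naive model: exact match of each argv element against a denylist. */
int naive_check(int argc, const char *const argv[])
{
    for (int i = 0; i < argc; i++)
        for (size_t d = 0; DENIED[d]; d++)
            if (strcmp(argv[i], DENIED[d]) == 0)
                return 0;
    return 1; /* "--blocked-opt=value" never equals "--blocked-opt" */
}

/* Strict model: split "--name=value" at the first '=', as a getopt_long-style
 * parser will, and accept only exact allowlisted names (abbreviated names and
 * non-option arguments are rejected). Every allowed option takes a value. */
int strict_check(int argc, const char *const argv[])
{
    for (int i = 0; i < argc; i++) {
        const char *arg = argv[i];
        if (strncmp(arg, "--", 2) != 0 || arg[2] == '\0')
            return 0;                        /* fail closed */
        const char *eq = strchr(arg, '=');
        size_t name_len = eq ? (size_t)(eq - arg) : strlen(arg);
        int known = 0;
        for (size_t a = 0; ALLOWED[a]; a++)
            if (strlen(ALLOWED[a]) == name_len &&
                strncmp(arg, ALLOWED[a], name_len) == 0)
                known = 1;
        if (!known || (!eq && ++i >= argc))  /* "--name value" consumes next */
            return 0;
    }
    return 1;
}

int main(void)
{
    const char *const eq_form[] = { "--blocked-opt=value" }; /* constructed input */
    printf("naive=%d strict=%d\n", naive_check(1, eq_form), strict_check(1, eq_form));
    return 0;
}
```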
Affected products
References
- CVE-2022-37705
- SUSE Bug 1208032
- SUSE Bug 1213701