Bugzilla – Bug 1208032
VUL-0: CVE-2022-37705: amanda: crafted arguments to the runtar SUID binary leads to local privilege escalation to root
Last modified: 2024-05-03 13:57:26 UTC
CVE-2022-37705: A privilege escalation flaw was found in Amanda 3.5.1 that can take the backup user to root privileges. The vulnerable component is the runtar SUID binary, which is just a wrapper that runs /usr/bin/tar with specific arguments that are controllable by the attacker. The program does not correctly check the args passed to the tar binary (it assumes that all args are of the form --ARG VALUE, but we can provide --ARG=VALUE as one argument).

Upstream PR (not merged yet): https://github.com/zmanda/amanda/pull/194
https://github.com/MaherAzzouzi/CVE-2022-37705
https://github.com/zmanda/amanda/issues/192
https://marc.info/?l=amanda-hackers&m=167437716918603&w=2

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37705
https://bugzilla.redhat.com/show_bug.cgi?id=2167744
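The argument-handling weakness the description refers to, shown as an added illustrative example. This is not Amanda's runtar source (the page does not reproduce it) and the option allowlist is an assumption; only the tar option names themselves are real GNU tar options. The weak check denies dangerous option names by exact comparison and so assumes the value arrives as the next argv token, which is exactly why a single --ARG=VALUE token slips past it; the strict check compares the part before any "=" as a whole against an allowlist and rejects everything else.

```c
#include <stdio.h>
#include <string.h>

/* Real GNU tar options whose value is a command that tar executes. Passing
 * any of them to tar running as root yields root code execution. */
static const char *dangerous[] = {
    "--rsh-command", "--use-compress-program", "--to-command",
    "--checkpoint-action", NULL
};

/* Weak check (illustrative of the bug class, not Amanda's code): deny
 * dangerous names by exact match, assuming "--rsh-command /tmp/x" form.
 * "--rsh-command=/tmp/x" is one token that never compares equal. */
int weak_argv_ok(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        for (const char **d = dangerous; *d; d++)
            if (strcmp(argv[i], *d) == 0)
                return 0;
    return 1;
}

/* Assumed allowlist of options a backup wrapper would forward to tar;
 * takes_value says whether the option consumes the following token. */
struct allowed { const char *name; int takes_value; };
static const struct allowed forwardable[] = {
    { "--create", 0 }, { "--file", 1 }, { "--directory", 1 },
    { "--one-file-system", 0 }, { "--listed-incremental", 1 },
    { "--sparse", 0 }, { "--totals", 0 }, { NULL, 0 }
};

/* Strict check: every token starting with '-' must be an allowlisted long
 * option, either exactly ("--file" + next token) or as "--file=VALUE" where
 * the name before '=' is compared as a whole. Short options, bundles,
 * abbreviations and unknown names are rejected. A bare "--" ends options. */
int strict_argv_ok(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (a[0] != '-')                  /* positional path, forwarded as-is */
            continue;
        if (strcmp(a, "--") == 0)         /* everything after is positional */
            return 1;
        const char *eq = strchr(a, '=');
        size_t namelen = eq ? (size_t)(eq - a) : strlen(a);
        int ok = 0;
        for (const struct allowed *o = forwardable; o->name; o++) {
            if (strlen(o->name) == namelen && strncmp(a, o->name, namelen) == 0) {
                if (eq && !o->takes_value)      /* "--create=x" is nonsense */
                    return 0;
                if (!eq && o->takes_value) {    /* value must follow and must
                                                   not itself look like an option */
                    if (i + 1 >= argc || argv[i + 1][0] == '-')
                        return 0;
                    i++;
                }
                ok = 1;
                break;
            }
        }
        if (!ok)
            return 0;
    }
    return 1;
}

/* Constructed sample command lines (not captured from a real Amanda run). */
static char *sample_exploit[] = { "runtar", "--create", "--rsh-command=/tmp/evil",
                                  "--file", "host:archive", NULL };
static char *sample_exploit_split[] = { "runtar", "--create", "--rsh-command",
                                        "/tmp/evil", NULL };
static char *sample_benign[] = { "runtar", "--create", "--file=/dev/null",
                                 "--directory", "/etc", "--one-file-system",
                                 "hosts", NULL };
static char *sample_short[] = { "runtar", "-I", "/tmp/evil", NULL };
static char *sample_optvalue[] = { "runtar", "--file", "--sparse", NULL };

static int argc_of(char **v) { int n = 0; while (v[n]) n++; return n; }

int main(void)
{
    printf("weak   accepts --rsh-command=/tmp/evil : %d\n",
           weak_argv_ok(argc_of(sample_exploit), sample_exploit));
    printf("strict accepts --rsh-command=/tmp/evil : %d\n",
           strict_argv_ok(argc_of(sample_exploit), sample_exploit));
    printf("strict accepts benign command line     : %d\n",
           strict_argv_ok(argc_of(sample_benign), sample_benign));
    return 0;
}
```

Two further points the strict form covers that a denylist does not: GNU tar accepts unambiguous abbreviations of long options (so "--rsh-c" would also reach the dangerous code path) and short aliases such as "-I" for --use-compress-program; an exact-match allowlist rejects both without having to enumerate them.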
Affected:
- SUSE:SLE-11:Update
- openSUSE:Factory
- openSUSE:Backports:SLE-15-SP3
- openSUSE:Backports:SLE-15-SP4
Backports for 15.3 is no longer supported.
This is an autogenerated message for OBS integration: This bug (1208032) was mentioned in https://build.opensuse.org/request/show/1066928 Backports:SLE-15-SP4 / amanda
openSUSE-SU-2023:0069-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 1208032,1208033
CVE References: CVE-2022-37704,CVE-2022-37705
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): amanda-3.5.1-bp154.3.3.1
done, closing