CVE-2022-37704 Information

Description

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges denial of service and information disclosure.

Reference

http://www.amanda.org/ https://github.com/zmanda/amanda/pull/197 https://github.com/zmanda/amanda/pull/205 https://github.com/MaherAzzouzi/CVE-2022-37704