Back to bug 2167743
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-02-07 12:43:19 UTC | CC | | jridky, pcahyna |
| TEJ RATHI | 2023-02-07 12:44:17 UTC | Blocks | | 2167399 |
| Sandipan Roy | 2023-02-10 04:43:10 UTC | Doc Text | | Amanda has a flaw that allows privilege escalation from the regular user backup to the root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. |
| Sandipan Roy | 2023-02-10 04:44:37 UTC | Depends On | | 2168793, 2168791, 2168790, 2168794, 2168789, 2168795, 2168796, 2168792 |
| Paige Jung | 2023-02-10 15:22:23 UTC | Doc Text | Amanda has a flaw that allows privilege escalation from the regular user backup to the root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | A flaw was found in Amanda. This issue may allow privilege escalation from the regular user backup to the root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker, which may lead to escalation of privileges, denial of service, and information disclosure. |
| Mauro Matteo Cascella | 2023-02-27 16:34:20 UTC | Severity | high | medium |
| Mauro Matteo Cascella | 2023-02-27 16:34:20 UTC | Priority | high | medium |
| Mauro Matteo Cascella | 2023-02-27 17:49:40 UTC | Summary | CVE-2022-37704 amanda: rundump: local privilege escalation | CVE-2022-37704 amanda: rundump: crafted arguments can lead to local privilege escalation |
| Mauro Matteo Cascella | 2023-02-27 18:42:18 UTC | Doc Text | A flaw was found in Amanda. This issue may allow privilege escalation from the regular user backup to the root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker, which may lead to escalation of privileges, denial of service, and information disclosure. | A flaw was found in Amanda. The SUID binary located at /lib64/amanda/rundump executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root. |
| Mauro Matteo Cascella | 2023-02-27 18:44:39 UTC | Doc Text | A flaw was found in Amanda. The SUID binary located at /lib64/amanda/rundump executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root. | A flaw was found in Amanda. The `rundump` SUID binary executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root. |
| Mauro Matteo Cascella | 2023-02-27 20:07:36 UTC | Priority | medium | low |
| Mauro Matteo Cascella | 2023-02-27 20:07:36 UTC | Severity | medium | low |
| Red Hat Bugzilla | 2023-07-07 08:34:45 UTC | Assignee | security-response-team | nobody |