Back to bug 2167744
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-02-07 12:43:33 UTC | CC | jridky, pcahyna | |
| TEJ RATHI | 2023-02-07 12:44:17 UTC | Blocks | 2167399 | |
| Sandipan Roy | 2023-02-10 04:45:01 UTC | Doc Text | A privilege escalation flaw was found on Amanda that can take the backup user to root privileges. The vulnerable component is the runtar SUID that is just a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. The program does not check correctly the args passed to tar binary (it assumes that all args should be like this --ARG VALUE but we can provide this --ARG=VALUE as one argument). | |
| Sandipan Roy | 2023-02-10 04:46:08 UTC | Depends On | 2168802, 2168798, 2168797, 2168801, 2168799, 2168804, 2168800, 2168803 | |
| Paige Jung | 2023-02-10 15:28:59 UTC | Doc Text | A privilege escalation flaw was found on Amanda that can take the backup user to root privileges. The vulnerable component is the runtar SUID that is just a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. The program does not check correctly the args passed to tar binary (it assumes that all args should be like this --ARG VALUE but we can provide this --ARG=VALUE as one argument). | A privilege escalation flaw was found in Amanda that allows the backup user to gain root privileges. The vulnerable component is the runtar SUID, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. The program does not check the args passed to tar binary correctly, it assumes that all args should be --ARG VALUE, but we can provide the --ARG=VALUE as one argument. |
| Mauro Matteo Cascella | 2023-02-27 16:34:12 UTC | Severity | high | medium |
| Priority | high | medium | ||
| Mauro Matteo Cascella | 2023-02-27 17:50:26 UTC | Summary | CVE-2022-37705 amanda: crafted arguments to the runtar SUID binary leads to local privilege escalation to root | CVE-2022-37705 amanda: runtar: crafted arguments can lead to local privilege escalation |
| Mauro Matteo Cascella | 2023-02-27 18:45:16 UTC | Doc Text | A privilege escalation flaw was found in Amanda that allows the backup user to gain root privileges. The vulnerable component is the runtar SUID, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. The program does not check the args passed to tar binary correctly, it assumes that all args should be --ARG VALUE, but we can provide the --ARG=VALUE as one argument. | A flaw was found in Amanda. The `runtar` SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user "amandabackup" to root. |
| Mauro Matteo Cascella | 2023-02-27 20:07:45 UTC | Severity | medium | low |
| Priority | medium | low | ||
| Red Hat Bugzilla | 2023-07-07 08:30:19 UTC | Assignee | security-response-team | nobody |
Back to bug 2167744