CVE-2022-37703

2022-09-1320:15:09

Debian Security Bug Tracker

security-tracker.debian.org

amanda

vulnerability

calcsize

suid

binary

opendir()

unix

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

18.0%

JSON

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use opendir() as root directly without checking the path, letting the attacker provide an arbitrary path.

OSVersionArchitecturePackageVersionFilename
Debian12allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb
Debian11allamanda< 1:3.5.1-7+deb11u1amanda_1:3.5.1-7+deb11u1_all.deb
Debian999allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb
Debian13allamanda< 1:3.5.1-10amanda_1:3.5.1-10_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb
Debian	11	all	amanda	< 1:3.5.1-7+deb11u1	amanda_1:3.5.1-7+deb11u1_all.deb
Debian	999	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb
Debian	13	all	amanda	< 1:3.5.1-10	amanda_1:3.5.1-10_all.deb