CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
18.5%
Maher Azzouzi discovered an information disclosure vulnerability in the
calcsize binary within amanda. calcsize is a suid binary owned by root that
could possibly be used by a malicious local attacker to expose sensitive
file system information. (CVE-2022-37703)
Maher Azzouzi discovered a privilege escalation vulnerability in the
rundump binary within amanda. rundump is a suid binary owned by root that
did not perform adequate sanitization of environment variables or
commandline options and could possibly be used by a malicious local
attacker to escalate privileges. (CVE-2022-37704)
Maher Azzouzi discovered a privilege escalation vulnerability in the runtar
binary within amanda. runtar is a suid binary owned by root that did not
perform adequate sanitization of commandline options and could possibly be
used by a malicious local attacker to escalate privileges. (CVE-2022-37705)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 22.10 | noarch | amanda-client | < 1:3.5.1-9ubuntu0.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | amanda-client-dbgsym | < 1:3.5.1-9ubuntu0.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | amanda-common | < 1:3.5.1-9ubuntu0.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | amanda-common-dbgsym | < 1:3.5.1-9ubuntu0.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | amanda-server | < 1:3.5.1-9ubuntu0.1 | UNKNOWN |
Ubuntu | 22.10 | noarch | amanda-server-dbgsym | < 1:3.5.1-9ubuntu0.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | amanda-client | < 1:3.5.1-8ubuntu1.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | amanda-client-dbgsym | < 1:3.5.1-8ubuntu1.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | amanda-common | < 1:3.5.1-8ubuntu1.1 | UNKNOWN |
Ubuntu | 22.04 | noarch | amanda-common-dbgsym | < 1:3.5.1-8ubuntu1.1 | UNKNOWN |