CVE-2022-37705
Published: 16 April 2023
Summary
CVE-2022-37705 is a medium-severity Argument Injection (CWE-88) vulnerability in Zmanda Amanda. Its CVSS base score is 6.7 (Medium).
Operationally, ranked in the top 10.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A privilege escalation vulnerability tracked as CVE-2022-37705 affects Amanda 3.5.1. The flaw resides in the runtar SUID wrapper program, which invokes /usr/bin/tar and mishandles attacker-controlled arguments when name-value pairs are delimited by an equals sign instead of the expected space character.
A local attacker possessing backup-user privileges can supply crafted arguments to runtar, causing tar to execute with unintended options that yield root access. The issue is assigned CWE-88 and carries a CVSS 3.1 base score of 6.7 reflecting local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
Public references point to Amanda project issue 192 together with pull requests 194 and 196 that contain fixes; the project site provides the canonical distribution point for updated packages. The associated EPSS scores remain low, with a recorded peak of 0.0529.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-40319
Vulnerability details
A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by…
more
the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported),
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.