QwikSec

Security Database

CVE

CWE

Training

CVE-2022-37704

Published: Apr 16, 2023

Modified: Nov 4, 2025

PUBLISHED

Description

Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.amanda.org/

https://github.com/MaherAzzouzi/CVE-2022-37704

https://github.com/zmanda/amanda/issues/192

https://marc.info/?l=amanda-hackers

[debian-lts-announce] 20230221 [SECURITY] [DLA 3330-1] amanda security update

mailing-list

FEDORA-2023-3d0619d767

vendor-advisory

FEDORA-2023-1293196f34

vendor-advisory

FEDORA-2023-e295804b3d

vendor-advisory

https://github.com/zmanda/amanda/pull/197

https://github.com/zmanda/amanda/pull/205

https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.