CVE-2022-37704

Name of the Vulnerable Software and Affected Versions Amanda version 3.5.1

Description The issue allows privilege escalation from a regular user backup to root. A SUID binary located at /lib/amanda/rundump executes /usr/sbin/dump as root with controlled arguments from the attacker, which may lead to escalation of privileges, denial of service, and information disclosure.

Recommendations For Amanda version 3.5.1, consider restricting access to the SUID binary located at /lib/amanda/rundump to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of /usr/sbin/dump by the SUID binary until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.