CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.amanda.org/	Vendor Advisory
https://bugs.gentoo.org/870037	Third Party Advisory
https://github.com/MaherAzzouzi/CVE-2022-37703	Third Party Advisory
https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3
https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/

Configurations

Configuration 1 (hide)

cpe:2.3:a:amanda:amanda:3.5.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-13 20:15

Updated : 2023-12-03 11:15

NVD link : CVE-2022-37703

Mitre link : CVE-2022-37703

CVE.ORG link : CVE-2022-37703

JSON object : View

Products Affected

amanda

amanda

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-37703", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2022-09-13T20:15:09.793", "references": [{"url": "http://www.amanda.org/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugs.gentoo.org/870037", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/MaherAzzouzi/CVE-2022-37703", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/zmanda/amanda/releases/tag/tag-community-3.5.3", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00003.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path."}, {"lang": "es", "value": "En Amanda versi\u00f3n 3.5.1, se encontr\u00f3 una vulnerabilidad de filtrado de informaci\u00f3n en el binario SUID de calcsize. Un atacante puede abusar de esta vulnerabilidad para saber si un directorio se presenta o no en cualquier parte del fs. El binario usar\u00e1 \"opendir()\" como root directamente sin comprobar la ruta, permitiendo al atacante proporcionar una ruta arbitraria"}], "lastModified": "2023-12-03T11:15:08.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:amanda:amanda:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97C10DDE-E81D-42F4-9A24-F1F11A2B7A6C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}