Debian dla-3681 : amanda-client - security update

high Nessus Plugin ID 186524

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3681 advisory.

------------------------------------------------------------------------- Debian LTS Advisory DLA-3681-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost December 03, 2023 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : amanda Version : 1:3.5.1-2+deb10u2 CVE ID : CVE-2022-37703 CVE-2022-37705 CVE-2023-30577 Debian Bug : 1021017 1029829 1055253

Multiple vulnerabilties have been found in Amanda,a backup system designed to archive many computers on a network to a single large-capacity tape drive. The vulnerabilties potentially allows local privilege escalation from the backup user to root or leak information whether a directory exists in the filesystem.

CVE-2022-37703

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.

CVE-2022-37705

A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary.

CVE-2023-30577

The SUID binary runtar can accept the possibly malicious GNU tar options if fed with some non-argument option starting with
--exclude (say --exclude-vcs). The following option will be accepted as good and it could be an option passing some script/binary that would be executed with root permissions.

For Debian 10 buster, these problems have been fixed in version 1:3.5.1-2+deb10u2.

We recommend that you upgrade your amanda packages.

For the detailed security status of amanda please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/amanda

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Attachment:
signature.asc Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the amanda-client packages.

Plugin Details

Severity: High

ID: 186524

File Name: debian_DLA-3681.nasl

Version: 1.1

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 12/3/2023

Updated: 1/22/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-30577

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:amanda-server, p-cpe:/a:debian:debian_linux:amanda-client, p-cpe:/a:debian:debian_linux:amanda-common

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/3/2023

Vulnerability Publication Date: 9/13/2022

Reference Information

CVE: CVE-2022-37703, CVE-2022-37705, CVE-2023-30577

Detections

Analytics