CVE-2022-37704
Description
Amanda 3.5.1 SUID binary "/lib/amanda/rundump" executes "/usr/sbin/dump" as root with attacker-controlled arguments, enabling local privilege escalation to root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Amanda 3.5.1 SUID binary "/lib/amanda/rundump" executes "/usr/sbin/dump" as root with attacker-controlled arguments, enabling local privilege escalation to root.
Vulnerability
Amanda version 3.5.1 contains a privilege escalation vulnerability in the SUID binary rundump located at /lib/amanda/rundump. The binary executes /usr/sbin/dump as root using execve(dump_program, argv, env), passing attacker-controlled arguments. The dump program can be replaced or symlinked by an attacker. The affected component is rundump.c, and the flaw is present in the 3.5.1 release [2] [3].
Exploitation
An attacker must have local access as the backup user (or any user that can run the rundump binary). The attacker can replace or symlink /usr/sbin/dump with a malicious executable. Running rundump with crafted arguments will then execute the attacker's binary as root. No additional authentication or user interaction is required beyond being able to invoke the SUID binary [2].
Impact
Successful exploitation grants full root privileges to the attacker. This leads to a complete compromise of the system, including the ability to read, modify, or delete any file (information disclosure, denial of service), and to execute arbitrary code as the superuser [1] [2].
Mitigation
A fix was released in Amanda version 3.5.3 on March 15, 2023 [1]. Users should upgrade to 3.5.3 or later. If upgrading is not immediately possible, the rundump binary should have its SUID bit removed if the functionality is not required. No workaround is available for the vulnerability without applying the patch. The issue is not listed on CISA's Known Exploited Vulnerabilities Catalog as of this writing.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/amanda&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/amanda&distro=openSUSE%20Tumbleweedpkg:rpm/suse/amanda&distro=SUSE%20Package%20Hub%2015%20SP4
< 3.5.1-bp154.3.3.1+ 2 more
- (no CPE)range: < 3.5.1-bp154.3.3.1
- (no CPE)range: < 3.5.3-1.1
- (no CPE)range: < 3.5.1-bp154.3.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
10- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5DCLSX5YYTWMKSMDL67M5STZ5ZDSOXK/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ATMGMVS3QDN6OMKMHGUTUTU7NS7HR3BZ/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYREA6LFXF5M7K4WLNJV5VNQPS4MTBW2/mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2023/02/msg00025.htmlmitremailing-list
- www.amanda.orgmitre
- github.com/zmanda/amanda/issues/192mitre
- github.com/zmanda/amanda/pull/197mitre
- github.com/zmanda/amanda/pull/205mitre
- github.com/zmanda/amanda/releases/tag/tag-community-3.5.3mitre
- marc.infomitre
News mentions
0No linked articles in our index yet.