Security Advisory

CVE-2022-37703

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-13 00:00:00

Last updated 2025-11-04 16:09:48

Assigner mitre

State PUBLISHED

Description

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path.

← Browse all CVEs View on cve.org ↗