CyberSec.Space Logo
Back to CVE Browser

CVE-2016-10729

HIGH
7.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile38.98th
PublishedOct 24, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

Affected Platforms (CPE)

πŸ“¦
Zmanda

Amanda

= 3.3.1
πŸ’»
Redhat

Enterprise Linux

= 7.0
πŸ’»
Debian

Debian Linux

= 7.0
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0

References & Advisories

πŸ”— https://www.exploit-db.com/exploits/39217/
πŸ”— https://www.exploit-db.com/exploits/39217/

Related Vulnerabilities

CVE-2002-090110.0

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to exec...

CVE-2016-107307.8

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is a...

CVE-1999-15177.2

runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user t...

CVE-2016-150510.0

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a...