CyberSec.Space Logo
Back to CVE Browser

CVE-2016-10730

HIGH
7.8
CVSS Severity Score
EPSS Score0.0430%
EPSS Percentile40.77th
PublishedOct 24, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.

Affected Platforms (CPE)

📦
Zmanda

Amanda

= 3.3.1
💻
Redhat

Enterprise Linux

= 7.0

References & Advisories

🔗 https://www.exploit-db.com/exploits/39244/
🔗 https://www.exploit-db.com/exploits/39244/

Related Vulnerabilities

CVE-2002-090110.0

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to exec...

CVE-2016-107297.8

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar...

CVE-1999-15177.2

runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user t...

CVE-2016-045110.0

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affec...