CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-10729

HIGH
7.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile38.98th
Published2018年10月24日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

Affected Platforms (CPE)

📦
Zmanda

Amanda

= 3.3.1
💻
Redhat

Enterprise Linux

= 7.0
💻
Debian

Debian Linux

= 7.0
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0

References & Advisories

🔗 https://www.exploit-db.com/exploits/39217/
🔗 https://www.exploit-db.com/exploits/39217/

相关漏洞威胁

CVE-2002-090110.0

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to exec...

CVE-2016-107307.8

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is a...

CVE-1999-15177.2

runtar in the Amanda backup system used in various UNIX operating systems executes tar with root privileges, which allows a user t...

CVE-2016-198510.0

HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java ...