CVE-2016-10730

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10730

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10730.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-10730

Related

UBUNTU-CVE-2016-10730

Published

2018-10-24T21:29:00Z

Modified

2024-11-21T02:44:36Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.

References

Affected packages

Debian:11 / amanda

Package

Name: amanda
Purl: pkg:deb/debian/amanda?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.3.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / amanda

Package

Name: amanda
Purl: pkg:deb/debian/amanda?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.3.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / amanda

Package

Name: amanda
Purl: pkg:deb/debian/amanda?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.3.9-1

Ecosystem specific

{
    "urgency": "unimportant"
}