UBUNTU-CVE-2016-10730
- Source
- https://ubuntu.com/security/CVE-2016-10730
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-10730.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2016-10730
- Related
- Published
- 2018-10-24T21:29:00Z
- Modified
- 2025-01-13T10:21:18Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / amanda
Package
- Name
- amanda
- Purl
- pkg:deb/ubuntu/amanda@1:3.3.6-4.1ubuntu0.1+esm2?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS / amanda
Package
- Name
- amanda
- Purl
- pkg:deb/ubuntu/amanda@1:3.5.1-1build2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.5.1-1build2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1:3.5.1-1build2",
"binary_name": "amanda-client"
},
{
"binary_version": "1:3.5.1-1build2",
"binary_name": "amanda-client-dbgsym"
},
{
"binary_version": "1:3.5.1-1build2",
"binary_name": "amanda-common"
},
{
"binary_version": "1:3.5.1-1build2",
"binary_name": "amanda-common-dbgsym"
},
{
"binary_version": "1:3.5.1-1build2",
"binary_name": "amanda-server"
},
{
"binary_version": "1:3.5.1-1build2",
"binary_name": "amanda-server-dbgsym"
}
]
}