An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/39244/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-24T21:00:00
Updated: 2018-10-24T21:57:01
Reserved: 2018-10-24T00:00:00
Link: CVE-2016-10730
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-24T21:29:00.360
Modified: 2019-01-09T19:56:08.183
Link: CVE-2016-10730
JSON object: View
Redhat Information
No data.
CWE