6 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-10730
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API scrip...
RHEL 7 : amanda (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - amanda: Privilege escalation in amstar and amgtar via --tar-path option CVE-2016-10730 Note that Nessus has not...
Amazon Linux 2 : amanda (ALAS-2023-2218)
The version of amanda installed on the remote host is prior to 3.3.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2218 advisory. An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The...
Medium: amanda
Issue Overview: An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injecti...
CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
CVE-2016-10730
CVE-2016-10730 affects Amanda 3.3.1. The Amstar component can be invoked in a way that leads to privilege escalation via the --star-path handling, with runtar and other components running setuid/root—allowing a backup-privileged user to compromise a client installation (local, root-level impact)....