CVE-2016-10730

Name of the Vulnerable Software and Affected Versions Amanda version 3.3.1

Description An issue was discovered that allows a user with backup privileges to compromise a client installation. The Amstar script, which is part of the Amanda Application API, should not be run directly by users. It utilizes the star utility for backup and restore operations and executes binaries with root permissions when parsing the --star-path command line argument.

Recommendations For Amanda version 3.3.1, consider restricting access to the Amstar script to prevent direct execution by users, and ensure that the --star-path argument is properly validated to prevent unauthorized execution of binaries with root permissions.