CVE-2016-10729

Name of the Vulnerable Software and Affected Versions Amanda version 3.3.1

Description An issue in Amanda allows a user with backup privileges to compromise a client installation. The runtar setuid root binary does not check for additional arguments supplied after --create, enabling users to manipulate commands and perform command injection as root.

Recommendations For Amanda version 3.3.1, consider restricting the use of the runtar setuid root binary until a patch is available to prevent command injection. At the moment, there is no information about a newer version that contains a fix for this issue.