PT-2018-4896 · Zmanda · Amanda

Hacker Fantastic · Published 2018-10-24 · Updated 2019-01-09 · CVE-2016-10730

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Amanda version 3.3.1

Description

An issue was discovered that allows a user with backup privileges to compromise a client installation. The Amstar script, which is part of the Amanda Application API, should not be run directly by users. It utilizes the star utility for backup and restore operations and executes binaries with root permissions when parsing the --star-path command line argument.

Recommendations

For Amanda version 3.3.1, consider restricting access to the Amstar script to prevent direct execution by users, and ensure that the --star-path argument is properly validated to prevent unauthorized execution of binaries with root permissions.

Related Identifiers

CVE-2016-10730

Affected Products

Amanda