CVE-2016-10729 — Command Injection in Amanda

CWE-77 — Command Injection CWE-78 — OS Command Injection7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 56.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Amanda Debian Amanda Debian Linux +2 more

Timeline

PublishedOct 24

Latest updateMay 14

Description

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/amanda< amanda 1:3.3.9-1 (bookworm)

▶Debianamanda/amanda< 1:3.3.9-1+2

▶NVDzmanda/amanda3.3.1

Also affects: Debian Linux 10.0, 7.0, 8.0, 9.0, Enterprise Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-269f-8j25-5mp2: An issue was discovered in Amanda 3↗2022-05-14

▶

OSV

CVE-2016-10729: An issue was discovered in Amanda 3↗2018-10-24

▶

📋Vendor Advisories

Red Hat

amanda: Privilege escalation in runtar via --rsh-command option↗2016-01-11

▶

Debian

CVE-2016-10729: amanda - An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivi...↗2016

▶

💬Community

Bugzilla

CVE-2016-10729 amanda: Privilege escalation in runtar via --rsh-command option↗2018-11-06

▶

Bugzilla

CVE-2016-10729 amanda: Privilege escalation in runtar via --rsh-command option [fedora-all]↗2018-11-06

▶