CVE-2016-10730 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-10730 Interim 1 12 2023-01-19T02:30:23Z current 2021-05-30T13:49:42Z 2023-01-19T02:30:23Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-10730 An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SLES for SAP Applications 11 SP3 SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4-LTSS amanda amanda as a component of SLES for SAP Applications 11 SP3 amanda as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata amanda as a component of SUSE Linux Enterprise Server 11 SP3 LTSS amanda as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata amanda as a component of SUSE Linux Enterprise Server 11 SP4-LTSS An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path. CVE-2016-10730 SLES for SAP Applications 11 SP3:amanda SUSE Linux Enterprise Server 11 SP1 for Teradata:amanda SUSE Linux Enterprise Server 11 SP3 LTSS:amanda SUSE Linux Enterprise Server 11 SP3 for Teradata:amanda SUSE Linux Enterprise Server 11 SP4-LTSS:amanda important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H