CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2016-10730
https://notcve.org/view.php?id=CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. • https://www.exploit-db.com/exploits/39244 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2016-10729
https://notcve.org/view.php?id=CVE-2016-10729
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root. Se ha descubierto un problema en Amanda 3.3.1. Un usuario con privilegios backup puede comprometer de forma trivial una instalación de cliente. • https://www.exploit-db.com/exploits/39217 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2002-0901
https://notcve.org/view.php?id=CVE-2002-0901
Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar. Múltiples desbordamientos de búfer en Advanced Maryland Automatic Disk Archiver (AMANDA) 2.3.0.4 permite a atacantes remotos, ejecutar código arbitrario mediante comandos largos al demonio amindexk, o a ciertos usuarios locales ejecutar código arbitrario mediante un argumento de línea de comando largo a los programas amcheck amgetidx amtrmidx createindex-dump, or createindex-gnutar • http://online.securityfocus.com/archive/1/274215 http://www.iss.net/security_center/static/9181.php http://www.iss.net/security_center/static/9182.php http://www.securityfocus.com/bid/4836 http://www.securityfocus.com/bid/4840 •