{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2016-10730","title":"Title"},{"category":"description","text":"An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2016-10730","url":"https://www.suse.com/security/cve/CVE-2016-10730"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1113057 for CVE-2016-10730","url":"https://bugzilla.suse.com/1113057"}],"title":"SUSE CVE CVE-2016-10730","tracking":{"current_release_date":"2025-04-25T08:30:11Z","generator":{"date":"2023-02-15T04:53:30Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2016-10730","initial_release_date":"2023-02-15T04:53:30Z","revision_history":[{"date":"2023-02-15T04:53:30Z","number":"2","summary":"Current version"},{"date":"2025-01-01T09:21:52Z","number":"3","summary":"Current version"},{"date":"2025-02-18T08:02:04Z","number":"4","summary":"Current version"},{"date":"2025-03-16T03:30:24Z","number":"5","summary":"Current version"},{"date":"2025-04-25T08:30:11Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SLES for SAP Applications 11 SP3","product":{"name":"SLES for SAP Applications 11 SP3","product_id":"SLES for SAP Applications 11 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_sap:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3 LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP3 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP3 LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_ltss:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product":{"name":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles:11:sp4"}}},{"category":"product_version","name":"amanda","product":{"name":"amanda","product_id":"amanda","product_identification_helper":{"cpe":"cpe:2.3:a:zmanda:amanda:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/amanda@?upstream=amanda.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"amanda as component of SLES for SAP Applications 11 SP3","product_id":"SLES for SAP Applications 11 SP3:amanda"},"product_reference":"amanda","relates_to_product_reference":"SLES for SAP Applications 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"amanda as component of SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata:amanda"},"product_reference":"amanda","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"amanda as component of SUSE Linux Enterprise Server 11 SP3 LTSS","product_id":"SUSE Linux Enterprise Server 11 SP3 LTSS:amanda"},"product_reference":"amanda","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 LTSS"},{"category":"default_component_of","full_product_name":{"name":"amanda as component of SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata:amanda"},"product_reference":"amanda","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"amanda as component of SUSE Linux Enterprise Server 11 SP4-LTSS","product_id":"SUSE Linux Enterprise Server 11 SP4-LTSS:amanda"},"product_reference":"amanda","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP4-LTSS"}]},"vulnerabilities":[{"cve":"CVE-2016-10730","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-10730"}],"notes":[{"category":"general","text":"An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.","title":"CVE description"}],"product_status":{"known_not_affected":["SLES for SAP Applications 11 SP3:amanda","SUSE Linux Enterprise Server 11 SP1 for Teradata:amanda","SUSE Linux Enterprise Server 11 SP3 LTSS:amanda","SUSE Linux Enterprise Server 11 SP3 for Teradata:amanda","SUSE Linux Enterprise Server 11 SP4-LTSS:amanda"]},"references":[{"category":"external","summary":"CVE-2016-10730","url":"https://www.suse.com/security/cve/CVE-2016-10730"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1113057 for CVE-2016-10730","url":"https://bugzilla.suse.com/1113057"}],"threats":[{"category":"impact","date":"2018-10-25T07:24:42Z","details":"important"}],"title":"CVE-2016-10730"}]}