Backuppc · Backuppc · CVE-2009-3369
**Name of the Vulnerable Software and Affected Versions**
BackupPC version 3.1.0
**Description**
The issue allows remote authenticated users to read and write sensitive files by modifying the `ClientNameAlias` function to match another system and then initiating a backup or restore. This is possible when SSH keys and Rsync are in use in a multi-user environment.
**Recommendations**
For BackupPC version 3.1.0, restrict access to the `ClientNameAlias` function to prevent users from modifying it and gaining unauthorized access to sensitive files. As a temporary workaround, consider disabling the `ClientNameAlias` function until a patch is available.