PT-2009-5676 · Backuppc · Backuppc
David Ambrose-Griffith
Published: 2009-09-24 · Updated: 2025-09-08
CVE-2009-3369
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
BackupPC version 3.1.0
Description
The issue allows remote authenticated users to read and write sensitive files by modifying the ClientNameAlias function to match another system and then initiating a backup or restore. This is possible when SSH keys and Rsync are in use in a multi-user environment.
Recommendations
For BackupPC version 3.1.0, restrict access to the ClientNameAlias function to prevent users from modifying it and gaining unauthorized access to sensitive files. As a temporary workaround, consider disabling the ClientNameAlias function until a patch is available.
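An audit for the condition described above, as an added example that is not part of the advisory or of BackupPC itself: it scans per-host configuration text for ClientNameAlias overrides and flags any that point at a different configured host. It assumes the per-host files have already been read into a dictionary keyed by host name and that overrides use the Perl form `$Conf{ClientNameAlias} = '...';`; the host names and sample contents are constructed.

```python
import re

# Assumption: a per-host override looks like  $Conf{ClientNameAlias} = 'name';
# Lines commented out with '#' do not match because the line must start with $Conf.
ALIAS_RE = re.compile(
    r"""^\s*\$Conf\{ClientNameAlias\}\s*=\s*(['"])(?P<alias>[^'"]*)\1\s*;""",
    re.MULTILINE,
)

def find_alias_overrides(host_configs):
    """Return {host: alias} for each host config that sets ClientNameAlias."""
    found = {}
    for host, text in host_configs.items():
        for match in ALIAS_RE.finditer(text):
            found[host] = match.group("alias")  # last assignment wins, as in Perl
    return found

def audit(host_configs):
    """List (host, alias, kind) for aliases that differ from the host's own name.

    kind is 'cross-host' when the alias names another configured host (the case
    the advisory describes) and 'external' for any other differing target.
    """
    known = {h.lower() for h in host_configs}
    findings = []
    for host, alias in sorted(find_alias_overrides(host_configs).items()):
        target = alias.strip().lower()
        if not target or target == host.lower():
            continue  # empty or self-referencing alias changes nothing
        kind = "cross-host" if target in known else "external"
        findings.append((host, alias, kind))
    return findings

# Constructed sample: per-host config text keyed by host name.
SAMPLE = {
    "alice-laptop": "$Conf{XferMethod} = 'rsync';\n$Conf{ClientNameAlias} = 'fileserver';\n",
    "fileserver": "$Conf{XferMethod} = 'rsync';\n",
    "bob-desktop": "# $Conf{ClientNameAlias} = 'fileserver';\n$Conf{ClientNameAlias} = \"10.0.0.5\";\n",
    "carol-pc": "$Conf{ClientNameAlias} = 'carol-pc';\n",
}

if __name__ == "__main__":
    for host, alias, kind in audit(SAMPLE):
        print(f"{host}: ClientNameAlias -> {alias} [{kind}]")
```

Entries reported as `external` are not necessarily wrong, but each one should be confirmed by the administrator rather than by the host's owner.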
Affected products
Backuppc