PT-2009-5676 · Backuppc · Backuppc
David Ambrose-Griffith · Published 2009-09-24 · Updated 2025-09-08 · CVE-2009-3369
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
BackupPC version 3.1.0
Description
The issue allows remote authenticated users to read and write sensitive files by modifying the ClientNameAlias function to match another system and then initiating a backup or restore. This is possible when SSH keys and Rsync are in use in a multi-user environment.
Recommendations
For BackupPC version 3.1.0, restrict access to the ClientNameAlias function to prevent users from modifying it and gaining unauthorized access to sensitive files. As a temporary workaround, consider disabling the ClientNameAlias function until a patch is available.
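An audit for the condition described above, added here as an example and not taken from BackupPC or from this advisory: it checks whether CGI users may edit ClientNameAlias and lists per-host aliases that point at a machine owned by someone else. It assumes Perl-syntax config text using the `$Conf{ClientNameAlias}` and `$Conf{CgiUserConfigEdit}` settings (the latter is not named on this page); the host names, owners and config snippets are constructed.

```python
import re

# Per-host override, e.g.  $Conf{ClientNameAlias} = 'fileserver';
ALIAS_RE = re.compile(r"""^\s*\$Conf\{ClientNameAlias\}\s*=\s*(['"])(.*?)\1\s*;""", re.M)
# ClientNameAlias flag inside the $Conf{CgiUserConfigEdit} = { ... }; hash
EDIT_RE = re.compile(r"\$Conf\{CgiUserConfigEdit\}\s*=\s*\{[^}]*?\bClientNameAlias\s*=>\s*(\d+)")

def alias_user_editable(main_conf):
    """True when the main config lets CGI users edit ClientNameAlias."""
    m = EDIT_RE.search(main_conf)
    return bool(m) and int(m.group(1)) != 0

def audit_aliases(owners, host_configs):
    """Return (host, alias, reason) for every alias that needs review."""
    by_lower = {h.lower(): h for h in owners}
    findings = []
    for host in sorted(host_configs):
        # Commented-out lines do not match: the pattern needs $Conf at line start.
        for _quote, alias in ALIAS_RE.findall(host_configs[host]):
            target = by_lower.get(alias.lower())
            if target == host:
                continue  # alias equals the host's own name: no redirection
            if target and owners[target] != owners[host]:
                findings.append((host, alias, "aliases a host owned by " + owners[target]))
            elif target is None:
                findings.append((host, alias, "alias is not a managed host"))
    return findings

# Constructed sample data (assumption: one owner per host, as in a hosts list).
OWNERS = {"alice-laptop": "alice", "bob-desktop": "bob", "fileserver": "root"}
HOST_CONFIGS = {
    "alice-laptop": "$Conf{XferMethod} = 'rsync';\n",
    "bob-desktop": "$Conf{XferMethod} = 'rsync';\n$Conf{ClientNameAlias} = 'fileserver';\n",
    "fileserver": "# $Conf{ClientNameAlias} = 'old-name';\n"
                  "$Conf{ClientNameAlias} = 'fs01.example.internal';\n",
}
MAIN_CONF = "$Conf{CgiUserConfigEdit} = {\n    FullPeriod => 1,\n    ClientNameAlias => 1,\n};\n"

if __name__ == "__main__":
    print("ClientNameAlias editable by CGI users:", alias_user_editable(MAIN_CONF))
    for host, alias, reason in audit_aliases(OWNERS, HOST_CONFIGS):
        print(f"{host}: ClientNameAlias={alias!r} ({reason})")
```

An alias that is not a managed host is often legitimate (an IP address or DNS name for the same machine), so that finding is a prompt to confirm rather than an alert.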
Affected Products
Backuppc