PT-2009-5888 · Unknown · Back In Time
Vincent Danen · Published 2009-10-26 · Updated 2024-01-25 · CVE-2009-3611
CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Back In Time version 0.9.26
Description
The issue allows local users to obtain sensitive information or interfere with backup integrity. This is due to the common/snapshots.py file changing certain permissions to 0777 before deleting files in an old backup snapshot, enabling users to read or modify these files.
Recommendations
For version 0.9.26, consider restricting access to the common/snapshots.py file until a patch is available, or avoid using the affected backup functionality to minimize the risk of exploitation.
Fix
Incorrect Permission
Weakness Enumeration
Related Identifiers
Affected Products
Back In Time
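The permission pattern from the Description, as an added Python example (not Back In Time's code; the function names and the sample snapshot tree are constructed for illustration). It unlocks a read-only snapshot for deletion with owner-only modes and reports which paths other local users could reach if 0o777 were used instead.

```python
import os
import shutil
import stat


def make_readonly_snapshot(base):
    """Constructed sample: an old snapshot whose contents are stored read-only."""
    snap = os.path.join(base, "snapshot-old")
    user_dir = os.path.join(snap, "home", "alice")
    os.makedirs(user_dir)
    secret = os.path.join(user_dir, "notes.txt")
    with open(secret, "w") as fh:
        fh.write("private data\n")
    os.chmod(secret, 0o400)
    os.chmod(user_dir, 0o500)
    return snap


def unlock_tree(root, dir_mode, file_mode):
    """chmod every entry so the owner can delete it; symlinks are never followed."""
    os.chmod(root, dir_mode)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            # Sub-directories are unlocked before os.walk descends into them.
            os.chmod(path, dir_mode if name in dirnames else file_mode)


def exposed_paths(root):
    """Paths under root with any group/other permission bit set (mode & 0o077)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if not os.path.islink(path) and mode & 0o077:
                hits.append(path)
    return sorted(hits)


def delete_snapshot(root, dir_mode=0o700, file_mode=0o600):
    """Owner-only unlock, then delete. Passing 0o777 reproduces the flawed pattern."""
    unlock_tree(root, dir_mode, file_mode)
    exposed = exposed_paths(root)  # what other local users could reach before rmtree
    shutil.rmtree(root)
    return exposed
```

With the default owner-only modes `delete_snapshot` returns an empty list; with 0o777 it returns every path in the snapshot, which is the window in which other local users can read or modify the files.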