CVE-2009-3611

Sažetak

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785
http://bugs.gentoo.org/show_bug.cgi?id=289047
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz
http://marc.info/?l=oss-security&m=125553645511436&w=2
http://marc.info/?l=oss-security&m=125554894700336&w=2
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256
https://bugzilla.redhat.com/show_bug.cgi?id=520210
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

25-01-2024 - 21:37

Objavljeno

26-10-2009 - 16:30