Summary
This host has a BackupPC installation that is prone to a security bypass vulnerability.
Impact
Successful attacks may allow remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore on the victim's system.
Impact Level: System
Solution
Update to version 3.1.0-7 or later.
For updates, refer to http://backuppc.sourceforge.net
Insight
The security issue is due to the application allowing users to set the 'ClientNameAlias' option for configured hosts. This can be exploited to back up arbitrary directories from client systems for which Rsync over SSH is configured as a transfer method.
Affected
BackupPC version 3.1.0 and prior.
Classification
- CVE: CVE-2009-3369
- CVSS Base Score: 8.5
- CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C