Summary
The remote host is missing an update to backuppc announced via advisory USN-843-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS:
backuppc 3.0.0-4ubuntu1.1
Ubuntu 8.10:
backuppc 3.1.0-3ubuntu2.1
Ubuntu 9.04:
backuppc 3.1.0-4ubuntu1.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-843-1
Insight
It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter.
Severity
Classification
- CVE: CVE-2009-3369
- CVSS Base Score: 8.5
- CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Related Vulnerabilities
- Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1
- Ubuntu Update for emacs21 vulnerability USN-504-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for ca-certificates-java USN-1197-8
- Ubuntu Update for calligra USN-1525-1