Lucene search

[email protected]CVE-2009-3369

HistorySep 24, 2009 - 4:30 p.m.

CVE-2009-3369

2009-09-2416:30:02

CWE-264

[email protected]

web.nvd.nist.gov

cve-2009-3369

backuppc 3.1.0

ssh keys

rsync

multi-user environment

remote code execution

vulnerability

nvd

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

5.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.

Affected configurations

NVD

Node

craig_barrattbackuppcMatch3.1.0

CPENameOperatorVersion
craig_barratt:backuppccraig barratt backuppceq3.1.0

CPE	Name	Operator	Version
craig_barratt:backuppc	craig barratt backuppc	eq	3.1.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218

osvdb.org/57236

secunia.com/advisories/36393

secunia.com/advisories/37161

bugzilla.redhat.com/show_bug.cgi?id=518412

www.redhat.com/archives/fedora-package-announce/2009-October/msg00694.html

www.redhat.com/archives/fedora-package-announce/2009-October/msg00729.html

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

5.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2009-3369

openvas10 nessus3 fedora2 securityvulns2 cvelist1 ubuntucve1 ubuntu1 nvd1 prion1 debiancve1