Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-3369HistorySep 24, 2009 - 4:30 p.m.
CVE-2009-3369
2009-09-2416:30:02
Debian Security Bug Tracker
security-tracker.debian.org
9
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
72.7%
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | backuppc | < 3.1.0-8 | backuppc_3.1.0-8_all.deb |
| Debian | 11 | all | backuppc | < 3.1.0-8 | backuppc_3.1.0-8_all.deb |
| Debian | 999 | all | backuppc | < 3.1.0-8 | backuppc_3.1.0-8_all.deb |
| Debian | 13 | all | backuppc | < 3.1.0-8 | backuppc_3.1.0-8_all.deb |
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:253 (backuppc)
2009-10-06 00:00:00
Fedora Core 11 FEDORA-2009-9982 (BackupPC)
2009-11-11 00:00:00
Ubuntu: Security Advisory (USN-843-1)
2009-10-13 00:00:00
cve
cve
CVE-2009-3369
2009-09-24 16:30:02
nessus
nessus
Fedora 10 : BackupPC-3.1.0-6.fc10 (2009-9973)
2009-10-28 00:00:00
Fedora 11 : BackupPC-3.1.0-7.fc11 (2009-9982)
2009-10-28 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : backuppc vulnerability (USN-843-1)
2009-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: BackupPC-3.1.0-6.fc10
2009-10-27 07:01:14
[SECURITY] Fedora 11 Update: BackupPC-3.1.0-7.fc11
2009-10-27 06:56:24
securityvulns
securityvulns
[ MDVSA-2009:253 ] backuppc
2009-10-04 00:00:00
BackupPC privilege escalation
2009-10-04 00:00:00
ubuntucve
ubuntucve
CVE-2009-3369
2009-09-24 00:00:00
cvelist
cvelist
CVE-2009-3369
2009-09-24 16:00:00
ubuntu
ubuntu
BackupPC vulnerability
2009-10-06 00:00:00
prion
prion
Design/Logic Flaw
2009-09-24 16:30:00
nvd
nvd
CVE-2009-3369
2009-09-24 16:30:02
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
72.7%
Related for DEBIANCVE:CVE-2009-3369