Lucene search

K
ubuntuUbuntuUSN-1444-1
HistoryMay 17, 2012 - 12:00 a.m.

BackupPC vulnerability

2012-05-1700:00:00
ubuntu.com
25

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%

Releases

  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 11.04
  • Ubuntu 10.04
  • Ubuntu 8.04

Packages

  • backuppc - high-performance, enterprise-grade system for backing up PCs

Details

It was discovered that BackupPC did not properly sanitize its input when
processing RestoreFile error messages, resulting in a cross-site
scripting (XSS) vulnerability. With cross-site scripting vulnerabilities,
if a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data, within the same domain.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchbackuppc< 3.0.0-4ubuntu1.4UNKNOWN
Ubuntu12.04noarchbackuppc< 3.2.1-2ubuntu1.1UNKNOWN
Ubuntu11.10noarchbackuppc< 3.2.1-1ubuntu1.2UNKNOWN
Ubuntu11.04noarchbackuppc< 3.2.0-3ubuntu4.3UNKNOWN
Ubuntu10.04noarchbackuppc< 3.1.0-9ubuntu1.3UNKNOWN

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%