BackupPC vulnerability

2012-05-1700:00:00

ubuntu.com

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.0%

JSON

Releases

Ubuntu 12.04
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04
Ubuntu 8.04

Packages

backuppc - high-performance, enterprise-grade system for backing up PCs

Details

It was discovered that BackupPC did not properly sanitize its input when
processing RestoreFile error messages, resulting in a cross-site
scripting (XSS) vulnerability. With cross-site scripting vulnerabilities,
if a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data, within the same domain.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.04noarchbackuppc< 3.0.0-4ubuntu1.4UNKNOWN
Ubuntu12.04noarchbackuppc< 3.2.1-2ubuntu1.1UNKNOWN
Ubuntu11.10noarchbackuppc< 3.2.1-1ubuntu1.2UNKNOWN
Ubuntu11.04noarchbackuppc< 3.2.0-3ubuntu4.3UNKNOWN
Ubuntu10.04noarchbackuppc< 3.1.0-9ubuntu1.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.04	noarch	backuppc	< 3.0.0-4ubuntu1.4	UNKNOWN
Ubuntu	12.04	noarch	backuppc	< 3.2.1-2ubuntu1.1	UNKNOWN
Ubuntu	11.10	noarch	backuppc	< 3.2.1-1ubuntu1.2	UNKNOWN
Ubuntu	11.04	noarch	backuppc	< 3.2.0-3ubuntu4.3	UNKNOWN
Ubuntu	10.04	noarch	backuppc	< 3.1.0-9ubuntu1.3	UNKNOWN