OSV:DSA-1022-1
Source: Google OSV (osv.dev)
Date: Apr 04, 2006 - 12:00 a.m.

storebackup - several


CVSS2: 4.6 Medium

  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Several vulnerabilities have been discovered in the backup utility
storebackup. The Common Vulnerabilities and Exposures project identifies
the following problems:

  • CVE-2005-3146
    Storebackup creates a temporary file predictably, which can be
    exploited to overwrite arbitrary files on the system with a symlink
    attack.
  • CVE-2005-3147
    The backup root directory wasn’t created with fixed permissions, which
    may lead to improper permissions if the umask is too lax.
  • CVE-2005-3148
    The user and group rights of symlinks are set incorrectly when making
    or restoring a backup, which may leak sensitive data.
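
The first two bug classes above (CVE-2005-3146 and CVE-2005-3147), shown in their hardened form. This is an added example, not storebackup's code or its patch. storebackup itself is written in Perl, and the function names and file names below are hypothetical.

```python
import os
import stat
import tempfile

def create_backup_root(path, mode=0o700):
    """Create a directory whose mode does not depend on the caller's umask."""
    os.mkdir(path, mode)   # the umask can only strip bits from this mode
    os.chmod(path, mode)   # chmod ignores the umask and pins the exact mode
    return stat.S_IMODE(os.stat(path).st_mode)

def open_scratch_file(directory, prefix="scratch-"):
    """Unpredictable name, created with O_EXCL and mode 0600 by mkstemp."""
    return tempfile.mkstemp(prefix=prefix, dir=directory)

def open_fixed_name_exclusive(path):
    """When a fixed name is unavoidable: fail rather than follow a planted link."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)

def demo():
    """Constructed scenario, confined to a throwaway directory."""
    with tempfile.TemporaryDirectory() as work:
        victim = os.path.join(work, "victim.txt")
        with open(victim, "w") as f:
            f.write("keep")
        fixed = os.path.join(work, "predictable.tmp")  # hypothetical fixed name
        os.symlink(victim, fixed)                      # link planted in advance
        try:
            os.close(open_fixed_name_exclusive(fixed))
            refused = False
        except FileExistsError:                        # O_EXCL sees the link itself
            refused = True
        fd, name = open_scratch_file(work)
        os.close(fd)
        file_mode = stat.S_IMODE(os.stat(name).st_mode)
        old = os.umask(0)                              # deliberately lax umask
        try:
            root_mode = create_backup_root(os.path.join(work, "backuproot"))
        finally:
            os.umask(old)
        with open(victim) as f:
            intact = f.read() == "keep"
        return refused, intact, root_mode, file_mode

if __name__ == "__main__":
    print(demo())
```
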

The old stable distribution (woody) doesn’t contain storebackup packages.

For the stable distribution (sarge) these problems have been fixed in
version 1.18.4-2sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 1.19-2.

We recommend that you upgrade your storebackup package.

CPE
Name         Operator  Version
storebackup  eq        1.18.4-2
