osv / Google / OSV:DSA-787-1
Aug 26, 2005 - 12:00 a.m.

backup-manager - insecure permissions and tempfile

2005-08-26 00:00:00
Google
osv.dev

CVSS2: 2.1 Low

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

Two bugs have been found in backup-manager, a command-line driven
backup utility. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CAN-2005-1855
    Jeroen Vermeulen discovered that backup files are created with
    default permissions making them world readable, even though they
    may contain sensitive information.

  • CAN-2005-1856
    Sven Joachim discovered that the optional CD-burning feature of
    backup-manager uses a hardcoded filename in a world-writable
    directory for logging. This can be subject to a symlink attack.

The old stable distribution (woody) does not provide the
backup-manager package.

For the stable distribution (sarge) these problems have been fixed in
version 0.5.7-1sarge1.

For the unstable distribution (sid) these problems have been fixed in
version 0.5.8-2.

We recommend that you upgrade your backup-manager package.
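
The two problem classes listed above, as an added shell example that is neither backup-manager's code nor the Debian patch: it creates an archive that is private from the moment it exists, creates a log file that cannot be a pre-planted symlink, and audits a repository for world-readable files. All function names, file names and the sample data are hypothetical or constructed.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical, not backup-manager's.

# CAN-2005-1855 class: an archive written under the default umask (often 022)
# comes out as rw-r--r--. Set a restrictive umask before the file is created,
# so there is no window in which it is world-readable.
make_private_archive() {   # usage: make_private_archive SRC_DIR OUT_FILE
    (
        umask 077
        tar -cf "$2" -C "$1" .
    )
}

# CAN-2005-1856 class: a fixed log name in a world-writable directory can be
# pre-created as a symlink by another local user. mktemp picks an
# unpredictable name and creates the file exclusively with mode 0600.
make_private_log() {       # usage: make_private_log [DIR]
    mktemp "${1:-${TMPDIR:-/tmp}}/burn-log.XXXXXX"
}

# Audit check: list regular files in a backup repository that "other" can read.
audit_world_readable() {   # usage: audit_world_readable DIR
    find "$1" -type f -perm -004 -print
}

# Symbolic mode of a path, e.g. -rw-------
file_mode() { ls -ld "$1" | cut -c1-10; }

# Demo on constructed data in a throwaway directory (runs in a subshell).
demo() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/src" "$work/repo"
    echo "constructed sample data" > "$work/src/shadow.copy"
    umask 022
    tar -cf "$work/repo/default.tar" -C "$work/src" .   # default-permission pattern
    make_private_archive "$work/src" "$work/repo/private.tar"
    echo "default: $(file_mode "$work/repo/default.tar")"
    echo "private: $(file_mode "$work/repo/private.tar")"
    echo "audit flags: $(audit_world_readable "$work/repo")"
    log=$(make_private_log "$work/repo")
    echo "log: $(file_mode "$log") ${log##*/}"
    rm -rf "$work"
)
demo
```

Running `audit_world_readable` against an existing repository directory shows which archives written before the upgrade still need `chmod 600`.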

CPE
Name            Operator  Version
backup-manager  eq        0.5.7-1
