Lucene search
PRIOn knowledge basePRION:CVE-2009-3369HistorySep 24, 2009 - 4:30 p.m.
Design/Logic Flaw
2009-09-2416:30:00
PRIOn knowledge base
www.prio-n.com
4
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218
osvdb.org/57236
secunia.com/advisories/36393
secunia.com/advisories/37161
bugzilla.redhat.com/show_bug.cgi?id=518412
www.redhat.com/archives/fedora-package-announce/2009-October/msg00694.html
www.redhat.com/archives/fedora-package-announce/2009-October/msg00729.html
Related
openvas
openvas
Mandrake Security Advisory MDVSA-2009:253 (backuppc)
2009-10-06 00:00:00
Fedora Core 11 FEDORA-2009-9982 (BackupPC)
2009-11-11 00:00:00
Ubuntu: Security Advisory (USN-843-1)
2009-10-13 00:00:00
cve
cve
CVE-2009-3369
2009-09-24 16:30:02
nessus
nessus
Fedora 10 : BackupPC-3.1.0-6.fc10 (2009-9973)
2009-10-28 00:00:00
Fedora 11 : BackupPC-3.1.0-7.fc11 (2009-9982)
2009-10-28 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : backuppc vulnerability (USN-843-1)
2009-10-07 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: BackupPC-3.1.0-6.fc10
2009-10-27 07:01:14
[SECURITY] Fedora 11 Update: BackupPC-3.1.0-7.fc11
2009-10-27 06:56:24
securityvulns
securityvulns
[ MDVSA-2009:253 ] backuppc
2009-10-04 00:00:00
BackupPC privilege escalation
2009-10-04 00:00:00
ubuntucve
ubuntucve
CVE-2009-3369
2009-09-24 00:00:00
ubuntu
ubuntu
BackupPC vulnerability
2009-10-06 00:00:00
cvelist
cvelist
CVE-2009-3369
2009-09-24 16:00:00
debiancve
debiancve
CVE-2009-3369
2009-09-24 16:30:02
nvd
nvd
CVE-2009-3369
2009-09-24 16:30:02