86 matches found
CVE-2009-3369
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then...
CVE-2009-3369
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then...
Design/Logic Flaw
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then...
CVE-2009-3369
CVE-2009-3369 affects BackupPC 3.1.0 where CgiUserConfigEdit does not restrict ClientNameAlias in multi-user setups using SSH keys and Rsync, allowing remote authenticated users to read/write sensitive files by aliasing to another system during backup/restore. The issue is due to insufficient res...
CVE-2009-3369
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then...
PT-2009-5676
Name of the Vulnerable Software and Affected Versions: BackupPC version 3.1.0 Description: The issue allows remote authenticated users to read and write sensitive files by modifying the ClientNameAlias function to match another system and then initiating a backup or restore. This is possible when...