52 matches found
storeBackup Symbolic Link Attack Vulnerability
StoreBackup is a disk-to-disk backup utility for GNU/Linux. A symbolic link attack vulnerability exists in storeBackup 3.5 and earlier versions. The vulnerability stems from a dependency of storeBackup.pl in storeBackup on the /tmp/storeBackup.lock pathname. An attacker could use this vulnerabili...
DEBIAN-CVE-2020-7040
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...
CVE-2020-7040
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...
Design/Logic Flaw
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...
UBUNTU-CVE-2020-7040
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that fi...
CVE-2020-7040
CVE-2020-7040 affects the StoreBackup tool (storeBackup.pl) up to version 3.5, where it relies on the /tmp/storeBackup.lock path. This allows local attackers to perform a symlink attack or create a plain file named /tmp/storeBackup.lock to block usage, potentially leading to privilege escalation ...
Debian Security Advisory DSA 1022-1 (storebackup)
The remote host is missing an update to storebackup announced via advisory DSA 1022-1. Several vulnerabilities have been discovered in the backup utility storebackup. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3146 Storebackup creates a temporary...
Debian: Security Advisory (DSA-1022-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1022-1 : storebackup - several vulnerabilities
Several vulnerabilities have been discovered in the backup utility storebackup. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3146 Storebackup creates a temporary file predictably, which can be exploited to overwrite arbitrary files on the system...
DSA-1022-1 storebackup - several
Bulletin has no description...
[SECURITY] [DSA 1022-1] New storebackup packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1022-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 4th, 2006 http://www.debian.org/security/faq -...
CVE-2005-3146
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files...
CVE-2005-3146
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files...
CVE-2005-3146
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files...
DEBIAN-CVE-2005-3148
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links 1 that are backed up by storeBackup.pl, or 2 recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership...
CVE-2005-3147
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information...
CVE-2005-3147
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information...
CVE-2005-3148
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links 1 that are backed up by storeBackup.pl, or 2 recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership...
CVE-2005-3148
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links 1 that are backed up by storeBackup.pl, or 2 recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership...
CVE-2005-3147
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information...