UbuntuUSN-843-1BackupPC vulnerability
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
6 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.7%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
Packages
- backuppc -
Details
It was discovered that BackupPC did not restrict normal users from setting
the ClientNameAlias parameter. An authenticated user could exploit this to
gain access to unauthorized hosts. This update fixed the issue by
preventing normal users from modifying the ClientNameAlias configuration
parameter.
References
Related
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
6 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.7%