Lucene search

Ubuntu.comUB:CVE-2009-3611

HistoryOct 26, 2009 - 12:00 a.m.

CVE-2009-3611

2009-10-2600:00:00

ubuntu.com

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain
permissions to 0777 before deleting the files in an old backup snapshot,
which allows local users to obtain sensitive information by reading these
files, or interfere with backup integrity by modifying files that are
shared across snapshots.

References

launchpad.net/bugs/cve/CVE-2009-3611

nvd.nist.gov/vuln/detail/CVE-2009-3611

security-tracker.debian.org/tracker/CVE-2009-3611

www.cve.org/CVERecord?id=CVE-2009-3611

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2009-3611