
Test ID: 1.3.6.1.4.1.25623.1.0.801107
Category: General
Title: BackupPC 'ClientNameAlias' Function Security Bypass Vulnerability
Summary: This host has a BackupPC installation and is prone to a security bypass vulnerability.
Description:

Vulnerability Insight:
The security issue is due to the application allowing users to
set the 'ClientNameAlias' option for configured hosts. This can be exploited to
back up arbitrary directories from client systems for which Rsync over SSH is
configured as a transfer method.

Vulnerability Impact:
Successful attacks may allow remote authenticated users to read
and write sensitive files by modifying ClientNameAlias to match another system,
then initiating a backup or restore on the victim's system.

Affected Software/OS:
BackupPC version 3.1.0 and prior.

Solution:
Update to version 3.1.0-7 or later.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:M/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-3369
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00729.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00694.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218
http://osvdb.org/57236
http://secunia.com/advisories/36393
http://secunia.com/advisories/37161
Copyright: Copyright (C) 2009 Greenbone Networks GmbH
