Computer Security

BackupPC privilege escalation
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



BackupPC privilege escalation
Published:04.10.2009
Source:BUGTRAQ
SecurityVulns ID:10287
Type:local
Level:5/10
Description:Privilege escalation with CgiUserConfigEdit
Affected:BACKUPPC : BackupPC 3.1
CVE:CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:253 ] backuppc (04.10.2009)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru