Computer Security
[EN] securityvulns.ru no-pyccku


BackupPC privilege escalation
Published:04.10.2009
Source:
SecurityVulns ID:10287
Type:local
Threat Level:
5/10
Description:Privilege escalation with CgiUserConfigEdit
Affected:BACKUPPC : BackupPC 3.1
CVE:CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:253 ] backuppc (04.10.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod