TROYANOSYVIRUS
Volver a CVEs

CVE-2009-3611

HIGH
7.1

Descripcion

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Detalles CVE

Puntuacion CVSS v3.17.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/26/2009
Ultima modificacion4/23/2026
Fuentenvd
Avistamientos honeypot0

Productos afectados

fedoraproject:fedorale-web:backintime

Debilidades (CWE)

CWE-732

Referencias

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785(secalert@redhat.com)
http://bugs.gentoo.org/show_bug.cgi?id=289047(secalert@redhat.com)
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz(secalert@redhat.com)
http://marc.info/?l=oss-security&m=125553645511436&w=2(secalert@redhat.com)
http://marc.info/?l=oss-security&m=125554894700336&w=2(secalert@redhat.com)
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=520210(secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html(secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html(secalert@redhat.com)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785(af854a3a-2127-422b-91ae-364da2661108)
http://bugs.gentoo.org/show_bug.cgi?id=289047(af854a3a-2127-422b-91ae-364da2661108)
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125553645511436&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125554894700336&w=2(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=520210(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.