TROYANOSYVIRUS
Voltar para CVEs

CVE-2009-3611

HIGH
7.1

Descricao

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Detalhes CVE

Pontuacao CVSS v3.17.1
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado10/26/2009
Ultima modificacao4/23/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

fedoraproject:fedorale-web:backintime

Fraquezas (CWE)

CWE-732

Referencias

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785(secalert@redhat.com)
http://bugs.gentoo.org/show_bug.cgi?id=289047(secalert@redhat.com)
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz(secalert@redhat.com)
http://marc.info/?l=oss-security&m=125553645511436&w=2(secalert@redhat.com)
http://marc.info/?l=oss-security&m=125554894700336&w=2(secalert@redhat.com)
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=520210(secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html(secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html(secalert@redhat.com)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785(af854a3a-2127-422b-91ae-364da2661108)
http://bugs.gentoo.org/show_bug.cgi?id=289047(af854a3a-2127-422b-91ae-364da2661108)
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125553645511436&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125554894700336&w=2(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=520210(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.