common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
References
Configurations
History
21 Nov 2024, 01:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785 - Mailing List | |
References | () http://bugs.gentoo.org/show_bug.cgi?id=289047 - Issue Tracking, Patch | |
References | () http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz - Broken Link, Patch | |
References | () http://marc.info/?l=oss-security&m=125553645511436&w=2 - Mailing List | |
References | () http://marc.info/?l=oss-security&m=125554894700336&w=2 - Mailing List | |
References | () https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=520210 - Issue Tracking | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html - Mailing List | |
References | () https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html - Mailing List |
25 Jan 2024, 21:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-732 | |
CPE | cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 3.6
v3 : 7.1 |
References | (CONFIRM) http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz - Broken Link, Patch | |
References | (MLIST) http://marc.info/?l=oss-security&m=125554894700336&w=2 - Mailing List | |
References | (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785 - Mailing List | |
References | (MLIST) http://marc.info/?l=oss-security&m=125553645511436&w=2 - Mailing List | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html - Mailing List | |
References | (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=289047 - Issue Tracking, Patch | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html - Mailing List | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=520210 - Issue Tracking | |
References | (CONFIRM) https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256 - Third Party Advisory |
Information
Published : 2009-10-26 16:30
Updated : 2024-11-21 01:07
NVD link : CVE-2009-3611
Mitre link : CVE-2009-3611
CVE.ORG link : CVE-2009-3611
JSON object : View
Products Affected
fedoraproject
- fedora
le-web
- backintime
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource