CVE-2009-3369

Related Files

Ubuntu Security Notice 843-1

Posted Oct 6, 2009

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 843-1 - It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2009-3369

SHA-256 | c2c0ceac2bfaa730751d6070ef9062181988c7dfb0462ca5d4e446751a8b3888

Download | Favorite | View

Mandriva Linux Security Advisory 2009-253

Posted Oct 2, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-253 - CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore. This update provides a fix for this vulnerability.

tags | advisory, remote

systems | linux, mandriva

advisories | CVE-2009-3369

SHA-256 | a7a4be7bdd9c764e83592e66bf41bac8f96657d7037366d2be25bf868040d2fe

Download | Favorite | View