7.1

CVE-2009-3611

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
Data provided by the National Vulnerability Database (NVD)
Le-web Backintime Version 0.9.26
Fedoraproject Fedora Version 10
Fedoraproject Fedora Version 11
No warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.3% 0.217
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 3.6 3.9 4.9 AV:L/AC:L/Au:N/C:P/I:P/A:N
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785 (Mailing List)
http://bugs.gentoo.org/show_bug.cgi?id=289047 (Patch, Issue Tracking)
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz (Patch, Broken Link)
http://marc.info/?l=oss-security&m=125553645511436&w=2 (Mailing List)
http://marc.info/?l=oss-security&m=125554894700336&w=2 (Mailing List)
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256 (Third Party Advisory)
https://bugzilla.redhat.com/show_bug.cgi?id=520210 (Issue Tracking)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html (Mailing List)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html (Mailing List)