Описание
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | code not present |
| devel | released | 3.1.0-6ubuntu4 |
| hardy | released | 3.0.0-4ubuntu1.1 |
| intrepid | released | 3.1.0-3ubuntu2.1 |
| jaunty | released | 3.1.0-4ubuntu1.1 |
| upstream | released | 3.1.0-7 |
Показывать по
8.5 High
CVSS2
Связанные уязвимости
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in us ...
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
8.5 High
CVSS2