Back to search
CVE-2009-3369
Published: Sep 24, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugzilla.redhat.com/show_bug.cgi?id=518412
x_refsource_CONFIRM
36393
third-party-advisory
x_refsource_SECUNIA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218
x_refsource_MISC
FEDORA-2009-9973
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-9982
vendor-advisory
x_refsource_FEDORA
37161
third-party-advisory
x_refsource_SECUNIA
57236
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now