QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3611

Published: Oct 26, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785

x_refsource_CONFIRM

http://bugs.gentoo.org/show_bug.cgi?id=289047

x_refsource_CONFIRM

http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz

x_refsource_CONFIRM

[oss-security] 20091014 Re: CVE Request - backintime

mailing-list

x_refsource_MLIST

FEDORA-2009-9282

vendor-advisory

x_refsource_FEDORA

[oss-security] 20091014 CVE Request - backintime

mailing-list

x_refsource_MLIST

https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=520210

x_refsource_CONFIRM

FEDORA-2009-9298

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.