MDVSA-2009:253
- Nom du paquet
- backuppc
- Date
- 2009-10-01
- Advisory ID
- MDVSA-2009:253
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability was discovered and corrected in backuppc:
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in
use in a multi-user environment, does not restrict users from the
ClientNameAlias function, which allows remote authenticated users to
read and write sensitive files by modifying ClientNameAlias to match
another system, then initiating a backup or restore (CVE-2009-3369).
This update provides a fix for this vulnerability.
Updated packages
MES5 i586
25edbc4c4a61aa034e090e6cb706f322 mes5/i586/backuppc-3.1.0-7.1mdvmes5.noarch.rpm 99e10439faaf116a1195c2fa1e926109 mes5/SRPMS/backuppc-3.1.0-7.1mdvmes5.src.rpm
MES5 x86_64
38bfc11aa57f6dc67715d58eeddad8ad mes5/x86_64/backuppc-3.1.0-7.1mdvmes5.noarch.rpm 99e10439faaf116a1195c2fa1e926109 mes5/SRPMS/backuppc-3.1.0-7.1mdvmes5.src.rpm