Nom du paquet
backuppc
Date
2009-10-01
Advisory ID
MDVSA-2009:253
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability was discovered and corrected in backuppc:

CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in
use in a multi-user environment, does not restrict users from the
ClientNameAlias function, which allows remote authenticated users to
read and write sensitive files by modifying ClientNameAlias to match
another system, then initiating a backup or restore (CVE-2009-3369).

This update provides a fix for this vulnerability.

Updated packages

MES5 i586

 25edbc4c4a61aa034e090e6cb706f322  mes5/i586/backuppc-3.1.0-7.1mdvmes5.noarch.rpm 
 99e10439faaf116a1195c2fa1e926109  mes5/SRPMS/backuppc-3.1.0-7.1mdvmes5.src.rpm

MES5 x86_64

 38bfc11aa57f6dc67715d58eeddad8ad  mes5/x86_64/backuppc-3.1.0-7.1mdvmes5.noarch.rpm 
 99e10439faaf116a1195c2fa1e926109  mes5/SRPMS/backuppc-3.1.0-7.1mdvmes5.src.rpm

References