CVE-2009-3611

HIGHCVSS 7.1

7.1

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

🔗 References (18)

secalert@redhathttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785
secalert@redhathttp://bugs.gentoo.org/show_bug.cgi?id=289047
secalert@redhathttp://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz
secalert@redhathttp://marc.info/?l=oss-security&m=125553645511436&w=2
secalert@redhathttp://marc.info/?l=oss-security&m=125554894700336&w=2
secalert@redhathttps://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256
secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=520210
secalert@redhathttps://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html
secalert@redhathttps://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=289047
af854a3a-2127-422b-91ae-364da2661108http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125553645511436&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=125554894700336&w=2
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256

Is Your Infrastructure Affected by CVE-2009-3611?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-3611

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-3611?