Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3611

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Published

2009-10-26T16:30:00.890

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	le-web	backintime	0.9.26	Yes
Operating System	fedoraproject	fedora	10	Yes
Operating System	fedoraproject	fedora	11	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785 Mailing List ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=289047 Issue Tracking, Patch ([email protected])
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz Broken Link, Patch ([email protected])
http://marc.info/?l=oss-security&m=125553645511436&w=2 Mailing List ([email protected])
http://marc.info/?l=oss-security&m=125554894700336&w=2 Mailing List ([email protected])
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=520210 Issue Tracking ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html Mailing List ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html Mailing List ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.gentoo.org/show_bug.cgi?id=289047 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz Broken Link, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125553645511436&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125554894700336&w=2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=520210 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)