LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

storebackup: multiple vulnerabilities

Package(s):storebackup CVE #(s):CVE-2005-3146 CVE-2005-3147 CVE-2005-3148
Created:April 4, 2006 Updated:April 4, 2006
Description: Several vulnerabilities have been discovered in the backup utility storebackup.
  • Storebackup creates a temporary file predictably, which can be exploited to overwrite arbitrary files on the system with a symlink attack. (CVE-2005-3146)
  • The backup root directory is created with world-readable permissions, which may leak sensitive data. (CVE-2005-3147)
  • The user and group rights of symlinks are set incorrectly when making or restoring a backup, which may leak sensitive data. (CVE-2005-3148)
Alerts:
Debian DSA-1022-1 2006-04-04
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds