Package(s):	storebackup	CVE #(s):	CVE-2005-3146 CVE-2005-3147 CVE-2005-3148
Created:	April 4, 2006	Updated:	April 4, 2006
Description:	Several vulnerabilities have been discovered in the backup utility storebackup. Storebackup creates a temporary file predictably, which can be exploited to overwrite arbitrary files on the system with a symlink attack. (CVE-2005-3146) The backup root directory is created with world-readable permissions, which may leak sensitive data. (CVE-2005-3147) The user and group rights of symlinks are set incorrectly when making or restoring a backup, which may leak sensitive data. (CVE-2005-3148)
Alerts:	Debian DSA-1022-1 storebackup 2006-04-04

---

to post comments