Family: Debian Local Security Checks --> Category: infos
[DSA1022] DSA-1022-1 storebackup Vulnerability Scan
Vulnerability Scan Summary DSA-1022-1 storebackup
Detailed Explanation for this Vulnerability Test
Several vulnerabilities have been discovered in the backup utility
storebackup. The Common Vulnerabilities and Exposures project identifies
the following problems:
- Storebackup creates a temporary file predictably, which can be
  exploited to overwrite arbitrary files on the system with a symlink
  attack.
- The backup root directory wasn't created with fixed permissions, which may lead to
  improper permissions if the umask is too lax.
- The user and group rights of symlinks are set incorrectly when making
  or restoring a backup, which may leak sensitive data.
The old stable distribution (woody) doesn't contain storebackup packages.
For the stable distribution (sarge) these problems have been fixed in
version 1.18.4-2sarge1.
For the unstable distribution (sid) these problems have been fixed in
version 1.19-2.
We recommend that you upgrade your storebackup package.
Solution : http://www.debian.org/security/2006/dsa-1022
Threat Level: High