Vulnerability CVE-2005-3148


Published: 2005-10-05   Modified: 2012-02-12

Description:
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
SUSE -> Suse linux 
Storebackup -> Storebackup 

 References:
http://sourceforge.net/project/shownotes.php?release_id=352676
http://www.us.debian.org/security/2006/dsa-1022
http://www.securityfocus.com/advisories/9384
http://secunia.com/advisories/19489
http://secunia.com/advisories/17025
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434

Copyright 2024, cxsecurity.com

 

Back to Top