Backup Manager Discloses '/etc' Files to Local Users
|
|
SecurityTracker Alert ID: 1014124 |
|
SecurityTracker URL: http://securitytracker.com/id/1014124
|
|
CVE Reference:
CVE-2005-1855
(Links to External Site)
|
Updated: Nov 2 2008
|
Original Entry Date: Jun 7 2005
|
Impact:
Disclosure of system information, Disclosure of user information
|
Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): prior to 0.5.8
|
Description:
A vulnerability was reported in Backup Manager. A local user can view potentially restricted files.
The software creates backup files in a world-readable location. In the default configuration, the software stores a world-readable tar file of the '/etc' directory in the '/var/backups' directory. This allows a local user to view the tar file to gain access to copies of the files from the '/etc' directory.
Jeroen Vermeulen reported this vulnerability.
|
Impact:
A local user can view copies of files from the '/etc' directory.
|
Solution:
The vendor has included a fix in the pending version 0.5.8, to be available at:
http://www.sukria.net/packages/backup-manager/
http://www.sukria.net/packages/backup-manager/sources/
|
Vendor URL: www.sukria.net/packages/backup-manager/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 13 May 2005 12:04:50 +0700
Subject: backup-manager: secure repository
|
Creating a world-readable repository would be a serious security breach.
I may be mistaken, but AFAICS the installation script fails to check
this or warn about it. It doesn't enforce it in any case; I just
realized I had a world-readable repository in a working setup.
Are there any steps that can be taken to encourage secure configuration,
e.g. creating the repository at installation time with root-only access
rights, or chmod'ing it if it already exists? Or alternatively, create
the backups with root-only access rights and/or encrypt them.
|
|
