CVE-2009-3369
EPSS 4.4%Published: 9/24/2009Modified: 4/28/2026
Description
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
Affected packages (1)
- Debian/backuppcfrom 0, < 3.1.0-8