CVE-2020-7040

Description

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)

Affected packages (2)

• Debian/storebackupfrom 0, < 3.2.1-2
• Debian/storebackupfrom 0, < 3.2.1-1+deb8u1

CVSS scores

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-7040