CVE-2009-3369
EPSS 4.4%發布日:2009/9/24修改日:2026/4/28
也稱為:DEBIAN-CVE-2009-3369
描述
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
受影響套件(1)
- Debian/backuppcfrom 0, < 3.1.0-8