CVE-2005-3148

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-3148
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434
http://secunia.com/advisories/17025
http://secunia.com/advisories/19489
http://sourceforge.net/project/shownotes.php?release_id=352676 Patch Vendor Advisory
http://www.securityfocus.com/advisories/9384 Vendor Advisory
http://www.us.debian.org/security/2006/dsa-1022
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:storebackup:storebackup:1.1:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.2:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.3:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.4:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.5:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.6:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.7:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.8:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.9:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.10:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.11:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.12:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.12.2:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.13:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.14:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.15:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.16:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.16.1:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.16.2:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.17:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.18:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.18.2:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.18.3:*:*:*:*:*:*:*
cpe:2.3:a:storebackup:storebackup:1.18.4:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2005-10-05 21:02

Updated : 2008-09-05 20:53

NVD link : CVE-2005-3148

Mitre link : CVE-2005-3148

CVE.ORG link : CVE-2005-3148

JSON object : View

Products Affected

storebackup

  • storebackup

suse

  • suse_linux
CWE
NVD-CWE-Other