CVE-2009-3369

CVSS 8.5 - HIGH

Description

CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.

Affected Products

1

Vendor	Product	Version
backuppc	backuppc	`3.1.0`

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...

http://osvdb.org/57236

http://secunia.com/advisories/36393

http://secunia.com/advisories/37161

https://bugzilla.redhat.com/show_bug.cgi?id=518412

https://www.redhat.com/archives/fedora-package-ann...

https://www.redhat.com/archives/fedora-package-ann...

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...

http://osvdb.org/57236

http://secunia.com/advisories/36393

http://secunia.com/advisories/37161

https://bugzilla.redhat.com/show_bug.cgi?id=518412

https://www.redhat.com/archives/fedora-package-ann...

https://www.redhat.com/archives/fedora-package-ann...

Weakness Types

CWE-264

CVE Information

CVE ID:: CVE-2009-3369
Published:: 2009-09-24
Modified:: 2026-04-23
CVSS Score:: 8.5
Severity:: HIGH
Vector:: AV:N/AC:M/Au:S/C:C/I:C/A:C

Affected Vendors

backuppc

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL