CVE-2009-3611

{"id": "CVE-2009-3611", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2009-10-26T16:30:00.890", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=289047", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz", "tags": ["Broken Link", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=125553645511436&w=2", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=125554894700336&w=2", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=520210", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html", "tags": ["Mailing List"], "source": "secalert@redhat.com"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=289047", "tags": ["Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz", "tags": ["Broken Link", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=oss-security&m=125553645511436&w=2", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=oss-security&m=125554894700336&w=2", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=520210", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots."}, {"lang": "es", "value": "common/snapshots.py en Back In Time (tambi\u00e9n conocido como backintime) v0.9.26 cambia ciertos permisos al valor 0777 antes de eliminar los ficheros en una copia de seguridad antigua de un punto de restauraci\u00f3n, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de esos ficheros, o interferir con la integridad de la copia de seguridad modificando ficheros que est\u00e1n compartidos a trav\u00e9s de puntos de restauraci\u00f3n.\r\n"}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:le-web:backintime:0.9.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6A8AFD9-1CE5-4985-911E-648A7206B365"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7000D33B-F3C7-43E8-8FC7-9B97AADC3E12"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}