Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2009-3611 | First vendor Publication | 2009-10-26 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | |||
---|---|---|---|
Overall CVSS Score | 7.1 | ||
Base Score | 7.1 | Environmental Score | 7.1 |
Impact SubScore | 5.2 | Temporal Score | 7.1 |
Exploitability Sub Score | 1.8 | ||
Attack Vector | Local | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | None |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 3.6 | Attack Range | Local |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3611
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-61 | Session Fixation |
CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
CAPEC-122 | Exploitation of Authorization |
CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
CAPEC-232 | Exploitation of Privilege/Trust |
CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Os | | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9282 (backintime) File : nvt/fcore_2009_9282.nasl |
2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9298 (backintime) File : nvt/fcore_2009_9298.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57432 | Back In Time File Snapshot Deletion Permission Weakness Information Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9282.nasl - Type : ACT_GATHER_INFO |
2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9298.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-11-28 23:10:06 | |
2024-11-28 12:19:59 | |
2024-01-26 00:28:04 | |
2019-05-10 12:03:01 | |
2014-02-17 10:51:57 | |
2013-05-10 23:59:27 | |