Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-3611 | First vendor Publication | 2009-10-26 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 7.1 | ||
| Base Score | 7.1 | Environmental Score | 7.1 |
| impact SubScore | 5.2 | Temporal Score | 7.1 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 3.6 | Attack Range | Local |
| Cvss Impact Score | 4.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3611 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
| CAPEC-17 | Accessing, Modifying or Executing Executable Files |
| CAPEC-60 | Reusing Session IDs (aka Session Replay) |
| CAPEC-61 | Session Fixation |
| CAPEC-62 | Cross Site Request Forgery (aka Session Riding) |
| CAPEC-122 | Exploitation of Authorization |
| CAPEC-180 | Exploiting Incorrectly Configured Access Control Security Levels |
| CAPEC-232 | Exploitation of Privilege/Trust |
| CAPEC-234 | Hijacking a privileged process |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-732 | Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-09-28 | Name : Fedora Core 11 FEDORA-2009-9282 (backintime) File : nvt/fcore_2009_9282.nasl |
| 2009-09-28 | Name : Fedora Core 10 FEDORA-2009-9298 (backintime) File : nvt/fcore_2009_9298.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 57432 | Back In Time File Snapshot Deletion Permission Weakness Information Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9282.nasl - Type : ACT_GATHER_INFO |
| 2009-09-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-9298.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:10:06 |
|
| 2024-11-28 12:19:59 |
|
| 2024-01-26 00:28:04 |
|
| 2019-05-10 12:03:01 |
|
| 2014-02-17 10:51:57 |
|
| 2013-05-10 23:59:27 |
|
