Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

Related Vulnerabilities: CVE-2020-7040  
                							

oss-sec
mailing list archives
From: Matthias Gerstner <matthias.gerstner () suse de>

Date: Wed, 22 Jan 2020 09:42:45 +0100

Hi Nick,

>> storeBackup [1] is a tool for performing disk-to-disk backups.
>> [...]
>> [1]: http://storebackup.org
>
> Er ... when I looked just now, the page at that URL began :
>
> How to Create Cryptocurrency – Simple Strategy
>
> and continued:
>
> Everyone is aware of the bitcoin which is the cryptocurrency
> trending in the world of IT
>
> In "the world of IT" we are instantly wondering who exactly has
> written this webpage about a backup utility ....   Should we tell the
> site owner his site may have been stolen ?

Hmm I never bothered to look deeper into the website but now that you're
pointing to it, it looks strange. I can give the upstream author a hint,
to check up on his website.

This storeBackup project is near-dead anyways, sadly. There seem to be
some die hard fans out there that use it, but the author only manages to
send out one email roughly every week. There seems to be no code
repository for it so we're getting tarballs - not even patches.

Thank you for the hint. If I get any more information about the
situation of the website I will get back to you.

Cheers

Matthias