storeBackup.pl in storeBackup up to and including 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
storebackup storebackup |
||
debian debian linux 8.0 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 20.04 |
||
canonical ubuntu linux 16.04 |