Vulnerability Description
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Storebackup | Storebackup | 1.1 |
| Suse | Suse Linux | All versions |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434
- http://secunia.com/advisories/17025
- http://secunia.com/advisories/19489
- http://sourceforge.net/project/shownotes.php?release_id=352676PatchVendor Advisory
- http://www.securityfocus.com/advisories/9384Vendor Advisory
- http://www.us.debian.org/security/2006/dsa-1022
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332434
- http://secunia.com/advisories/17025
- http://secunia.com/advisories/19489
- http://sourceforge.net/project/shownotes.php?release_id=352676PatchVendor Advisory
- http://www.securityfocus.com/advisories/9384Vendor Advisory
- http://www.us.debian.org/security/2006/dsa-1022
FAQ
What is CVE-2005-3148?
CVE-2005-3148 is a vulnerability with a CVSS score of 4.6 (MEDIUM). StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be res...
How severe is CVE-2005-3148?
CVE-2005-3148 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3148?
Check the references section above for vendor advisories and patch information. Affected products include: Storebackup Storebackup, Suse Suse Linux.