Debian Security Advisory

DSA-787-1 backup-manager -- insecure permissions and tempfile

Date Reported:

26 Aug 2005

Affected Packages:

backup manager

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 308897, Bug 315582.
In Mitre's CVE dictionary: CVE-2005-1855, CVE-2005-1856.

More information:

Two bugs have been found in backup-manager, a command-line driven backup utility. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-1855
Jeroen Vermeulen discovered that backup files are created with default permissions making them world readable, even though they may contain sensitive information.
CAN-2005-1856
Sven Joachim discovered that the optional CD-burning feature of backup-manager uses a hardcoded filename in a world-writable directory for logging. This can be subject to a symlink attack.

The old stable distribution (woody) does not provide the backup-manager package.

For the stable distribution (sarge) these problems have been fixed in version 0.5.7-1sarge1.

For the unstable distribution (sid) these problems have been fixed in version 0.5.8-2.

We recommend that you upgrade your backup-manager package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:: http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1.dsc; http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1.diff.gz; http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1_all.deb

MD5 checksums of the listed files are available in the original advisory.