CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3611

HIGH
7.1
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile35.76th
PublishedOct 26, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Affected Platforms (CPE)

πŸ“¦
Le Web

Backintime

= 0.9.26
πŸ’»
Fedoraproject

Fedora

= 10
πŸ’»
Fedoraproject

Fedora

= 11

References & Advisories

πŸ”— http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785
πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=289047
πŸ”— http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz
πŸ”— http://marc.info/?l=oss-security&m=125553645511436&w=2
πŸ”— http://marc.info/?l=oss-security&m=125554894700336&w=2
πŸ”— https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=520210
πŸ”— https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html

Related Vulnerabilities

CVE-2017-75728.1

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polki...

CVE-2017-166677.8

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' com...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...