CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-3611

HIGH
7.1
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile35.76th
Published2009年10月26日
Last Modified2026年4月23日

Vulnerability Description

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Affected Platforms (CPE)

📦
Le Web

Backintime

= 0.9.26
💻
Fedoraproject

Fedora

= 10
💻
Fedoraproject

Fedora

= 11

References & Advisories

🔗 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785
🔗 http://bugs.gentoo.org/show_bug.cgi?id=289047
🔗 http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gz
🔗 http://marc.info/?l=oss-security&m=125553645511436&w=2
🔗 http://marc.info/?l=oss-security&m=125554894700336&w=2
🔗 https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=520210
🔗 https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.html

関連する脆弱性情報

CVE-2017-75728.1

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polki...

CVE-2017-166677.8

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' com...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...