CAN-2005-1064: arbitrary file vuln in rsnapshot URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1064
Reference: FULLDISC:20050410 rsnapshot Security Advisory 001 Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=111317179531000&w=2 Reference: CONFIRM:http://www.rsnapshot.org/security/2005/001.html Reference: SECTRACK:1013674 Reference: URL:http://securitytracker.com/id?1013674 Reference: SECUNIA:14878 Reference: URL:http://secunia.com/advisories/14878 The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. Christoph
pgpyFOn0IwHpH.pgp
Description: PGP signature