Your message dated Sat, 17 Oct 2009 01:58:05 +0000
with message-id <e1myyyx-0003jc...@ries.debian.org>
and subject line Bug#542218: fixed in backuppc 3.1.0-4lenny3
has caused the Debian Bug report #542218,
regarding backuppc: Security hole when using rsync and multiple users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
542218: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542218
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: backuppc
Version: 3.1.0-4
Severity: critical
Tags: security
Justification: root security hole
When using an SSH key and rsync with BackupPC on a system with multiple users,
users (as opposed to admins) have the ability to change the ClientNameAlias on
machines they are listed as owning.
As the BackupPC user has one SSH key, which can be in the authorized keys of many
machines (often as root), this allows a user to back up from and restore to any
machine that key gives access to, by changing the ClientNameAlias to the
target machine and initiating a backup.
I've just tested this, and as an unprivileged user was able to change backing
up /scratch on my desktop to /etc on a server and then read /etc/shadow from
the server.
Whilst I haven't tested this, I see no reason I couldn't restore to the server
as well, thus changing arbitrary files as root (and gaining root access).
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages backuppc depends on:
ii adduser 3.110 add and remove users and groups
ii apache2 2.2.9-10+lenny2 Apache HTTP Server metapackage
ii apache2-mpm-worker [http 2.2.9-10+lenny2 Apache HTTP Server - high speed th
ii bzip2 1.0.5-1 high-quality block-sorting file co
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii dpkg 1.14.25 Debian package management system
ii libarchive-zip-perl 1.18-1 Module for manipulation of ZIP arc
ii libcompress-zlib-perl 2.012-1 Perl module for creation and manip
ii perl [libdigest-md5-perl 5.10.0-19 Larry Wall's Practical Extraction
ii perl-suid 5.10.0-19 Runs setuid Perl scripts
ii samba-common 2:3.2.5-4lenny2 Samba common files used by both th
ii smbclient 2:3.2.5-4lenny2 a LanManager-like simple client fo
ii tar 1.20-1 GNU version of the tar archiving u
Versions of packages backuppc recommends:
ii libfile-rsyncp-perl 0.68-1.1+b1 A perl based implementation of an
ii openssh-client [ssh-client] 1:5.1p1-5 secure shell client, an rlogin/rsh
ii postfix [mail-transport-agen 2.5.5-1.1 High-performance mail transport ag
ii rrdtool 1.3.1-4 Time-series data storage and displ
ii rsync 3.0.3-2 fast remote file copy program (lik
Versions of packages backuppc suggests:
pn par2 <none> (no description available)
ii w3m [www-browser] 0.5.2-2+b1 WWW browsable pager with excellent
-- debconf information excluded
--- End Message ---
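The report above describes the core design flaw: a host owner can edit a setting that decides which machine the server's single, widely trusted SSH key is pointed at. The following is an added example, not code from the bug report or from the BackupPC project, that models the kind of authorization check such a web front end needs: every per-host setting that selects the target machine, the share paths, or the command run with the server's credential is admin-only, and owners may change only an explicit allow-list. Of the configuration key names used here, only ClientNameAlias comes from the report; the others are assumed names for a BackupPC-like configuration, and the users and hosts are constructed test data.

```python
"""Model of a per-host config authorization check for a BackupPC-style
server.  Added example; not BackupPC's own code.

Only ClientNameAlias is taken from the bug report.  Every other key name,
user and host below is an assumption constructed for illustration.
"""

from dataclasses import dataclass, field

# Settings that decide where the server's credential is pointed or what it
# executes on the client.  Only admins may set these.  ClientNameAlias is
# the one named in the report; the rest are assumed names for illustration.
ADMIN_ONLY_KEYS = frozenset({
    "ClientNameAlias",
    "RsyncClientCmd",
    "RsyncClientPath",
    "RsyncShareName",
    "XferMethod",
    "DumpPreUserCmd",
    "DumpPostUserCmd",
    "RestorePreUserCmd",
    "RestorePostUserCmd",
})

# Settings a host owner may tune for their own machine (assumed names).
# Anything not listed here is rejected for non-admins: deny by default.
OWNER_EDITABLE_KEYS = frozenset({
    "BackupFilesExclude",
    "EMailNotifyMinDays",
    "BlackoutPeriods",
})


@dataclass
class User:
    name: str
    is_admin: bool = False


@dataclass
class Host:
    name: str
    owners: set = field(default_factory=set)
    config: dict = field(default_factory=dict)


class PolicyViolation(Exception):
    pass


def authorize_host_edit(user, host, changes):
    """Return the set of keys user may change on host, or raise PolicyViolation.

    changes maps config key -> new value.  Admins may change anything.  A
    host owner may change only OWNER_EDITABLE_KEYS; touching an ADMIN_ONLY
    key, or any key off the allow-list, is rejected naming the key so the
    caller can log the attempt.  Nothing is applied until every key passes.
    """
    if user.is_admin:
        return set(changes)
    if user.name not in host.owners:
        raise PolicyViolation(f"{user.name} does not own host {host.name}")
    for key in changes:
        if key in ADMIN_ONLY_KEYS:
            raise PolicyViolation(
                f"{key} redirects or executes with the server credential; admin only")
        if key not in OWNER_EDITABLE_KEYS:
            raise PolicyViolation(f"{key} is not owner-editable")
    return set(changes)


def apply_host_edit(user, host, changes):
    """Authorize, then apply all changes atomically; return the updated config."""
    allowed = authorize_host_edit(user, host, changes)
    for key in allowed:
        host.config[key] = changes[key]
    return host.config


def demo():
    """Replay the report's scenario against the check (constructed data)."""
    alice = User("alice")                     # ordinary user, owns her desktop
    admin = User("root", is_admin=True)
    desktop = Host("desktop", owners={"alice"},
                   config={"ClientNameAlias": None, "RsyncShareName": ["/scratch"]})
    results = {}
    # Owner tweaks an exclude list on her own host: permitted.
    apply_host_edit(alice, desktop, {"BackupFilesExclude": {"*": ["*.tmp"]}})
    results["owner_exclude"] = desktop.config["BackupFilesExclude"]
    # Owner tries to point the server credential at 'server' and pull /etc:
    # rejected, and the existing config is left untouched.
    try:
        apply_host_edit(alice, desktop,
                        {"ClientNameAlias": "server", "RsyncShareName": ["/etc"]})
        results["owner_alias"] = "allowed"
    except PolicyViolation as e:
        results["owner_alias"] = str(e)
    results["share_after_reject"] = desktop.config["RsyncShareName"]
    # An admin may legitimately set the alias.
    apply_host_edit(admin, desktop, {"ClientNameAlias": "desktop.example.org"})
    results["admin_alias"] = desktop.config["ClientNameAlias"]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of the allow-list shape is that a new per-host setting added later is admin-only until someone consciously decides owners may edit it; a deny-list of "dangerous" keys would have needed someone to foresee that ClientNameAlias was one.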
--- Begin Message ---
Source: backuppc
Source-Version: 3.1.0-4lenny3
We believe that the bug you reported is fixed in the latest version of
backuppc, which is due to be installed in the Debian FTP archive:
backuppc_3.1.0-4lenny3.diff.gz
to pool/main/b/backuppc/backuppc_3.1.0-4lenny3.diff.gz
backuppc_3.1.0-4lenny3.dsc
to pool/main/b/backuppc/backuppc_3.1.0-4lenny3.dsc
backuppc_3.1.0-4lenny3_all.deb
to pool/main/b/backuppc/backuppc_3.1.0-4lenny3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 542...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovic Drolez <ldro...@debian.org> (supplier of updated backuppc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 09 Oct 2009 22:16:44 +0200
Source: backuppc
Binary: backuppc
Architecture: source all
Version: 3.1.0-4lenny3
Distribution: stable-proposed-updates
Urgency: high
Maintainer: Ludovic Drolez <ldro...@debian.org>
Changed-By: Ludovic Drolez <ldro...@debian.org>
Description:
backuppc - high-performance, enterprise-grade system for backing up PCs
Closes: 542218
Changes:
backuppc (3.1.0-4lenny3) stable-proposed-updates; urgency=high
.
* Better fix for the "alias" security hole. Closes: #542218
Checksums-Sha1:
f78bbc27d42326351ef83129e171e39bb45c72ef 1033 backuppc_3.1.0-4lenny3.dsc
b4f23213b9452ce0620c5d44295aa66f6b312a63 25163 backuppc_3.1.0-4lenny3.diff.gz
19147788fce9f3441f799b06057c23fe383588ab 541660 backuppc_3.1.0-4lenny3_all.deb
Checksums-Sha256:
da98b3104473801323eadff1048b56f39f0ed284625350b158e985a7cf10c620 1033 backuppc_3.1.0-4lenny3.dsc
cc0c6418348d0d42923645db22c6a46cbb5417bf81af9ffca71cf71c15b757f9 25163 backuppc_3.1.0-4lenny3.diff.gz
1f62096a4125eb607949f37b8635f5353b4036214632bd48c984be628a221c16 541660 backuppc_3.1.0-4lenny3_all.deb
Files:
6f62eb1f0ef40c33170d9710c107f59c 1033 utils optional backuppc_3.1.0-4lenny3.dsc
e211a0d8752f720fa15ee09904f61775 25163 utils optional backuppc_3.1.0-4lenny3.diff.gz
f16c2b9efd5f44ab7c4c8e53cfd2e567 541660 utils optional backuppc_3.1.0-4lenny3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkrPmmYACgkQsRlQAP1GppjU+QCeKzg50TLD4YPmX51GNF3xob5e
nHoAnjcUO+rVzBFF8g5qUgz9FzD6F2bT
=6rGj
-----END PGP SIGNATURE-----
--- End Message ---