ClientNameAlias from the list specified in
CgiUserConfigEdit, users cannot change hostnames, thus closing this hole.
Regards,
David Ambrose-Griffith
--
David Ambrose-Griffith - d.e.ambrose-griff...@durham.ac.uk
Assistant Systems Programmer,
IPPP, Department of Physics, Durham University,
Science
Package: backuppc
Version: 3.1.0-4
Severity: critical
Tags: security
Justification: root security hole
When using an SSH key and Rsync with BackupPC on a system with multiple users,
Users (as opposed to admins) have the ability to change the ClientNameAlias on
machines they are listed as owning
2 matches
Mail list logo
