oss-sec mailing list archives

Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock

From: Nick Boyce <nick.boyce () gmail com>
Date: Tue, 21 Jan 2020 17:36:25 +0000

On Mon, 20 Jan 2020 at 13:42, Matthias Gerstner <mgerstner () suse de> wrote:

storeBackup [1] is a tool for performing disk-to-disk backups.

[...]

[1]: http://storebackup.org


Er ... when I looked just now, the page at that URL began :

How to Create Cryptocurrency – Simple Strategy


and continued:

Everyone is aware of the bitcoin which is the cryptocurrency
trending in the world of IT


In "the world of IT" we are instantly wondering who exactly has
written this webpage about a backup utility ....   Should we tell the
site owner his site may have been stolen ?

Matthias ?

Cheers,
Nick

Current thread:

CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Matthias Gerstner (Jan 20)
- Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Nick Boyce (Jan 21)
  - Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Matthias Gerstner (Jan 22)
    - Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Matthias Gerstner (Jan 22)
    - Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Nick Boyce (Jan 23)