oss-sec mailing list archives
Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock
From: Matthias Gerstner <matthias.gerstner () suse de>
Date: Wed, 22 Jan 2020 09:42:45 +0100
Hi Nick,
>> storeBackup [1] is a tool for performing disk-to-disk backups.
>> [...]
>> [1]: http://storebackup.org
>
> Er ... when I looked just now, the page at that URL began :
>
>   How to Create Cryptocurrency – Simple Strategy
>
> and continued:
>
>   Everyone is aware of the bitcoin which is the cryptocurrency
>   trending in the world of IT
>
> In "the world of IT" we are instantly wondering who exactly has written
> this webpage about a backup utility .... Should we tell the site owner
> his site may have been stolen ?

Hmm I never bothered to look deeper into the website but now that you're pointing to it, it looks strange. I can give the upstream author a hint, to check up on his website.

This storeBackup project is near-dead anyways, sadly. There seem to be some die hard fans out there that use it, but the author only manages to send out one email roughly every week. There seems to be no code repository for it so we're getting tarballs - not even patches.

Thank you for the hint. If I get any more information about the situation of the website I will get back to you.

Cheers

Matthias