oss-sec mailing list archives
Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock
From: Matthias Gerstner <matthias.gerstner () suse de>
Date: Wed, 22 Jan 2020 14:07:09 +0100
Hello,
Should we tell the site owner his site may have been stolen ?Hmm I never bothered to look deeper into the website but now that you're pointing to it, it looks strange. I can give the upstream author a hint, to check up on his website.
I have heard back from the author and he told me that storebackup.org never was owned by him, but created by some user of storeBackup, and by now is completely unrelated to the software. He wants to remove any reference to the URL from his documentation. The official upstream website is on GNU Savannah [1]. [1]: https://savannah.nongnu.org/projects/storebackup Cheers Matthias
Attachment:
signature.asc
Description:
Current thread:
- CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Matthias Gerstner (Jan 20)
- Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Nick Boyce (Jan 21)
- Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Matthias Gerstner (Jan 22)
- Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Matthias Gerstner (Jan 22)
- Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Nick Boyce (Jan 23)
- Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Matthias Gerstner (Jan 22)
- Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock Nick Boyce (Jan 21)