oss-sec mailing list archives
Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock
From: Nick Boyce <nick.boyce () gmail com>
Date: Thu, 23 Jan 2020 15:17:27 +0000
On Wed, 22 Jan 2020 at 13:24, Matthias Gerstner <matthias.gerstner () suse de> wrote:
Should we tell the site owner his site may have been stolen?
Hmm I never bothered to look deeper into the website but now that you're pointing to it, it looks strange. I can give the upstream author a hint,
[...]
I have heard back from the author and he told me that storebackup.org never was owned by him, but created by some user of storeBackup
[...]
The official upstream website is on GNU Savannah [1].
[1]: https://savannah.nongnu.org/projects/storebackup
Thanks Matthias for the clarification.
Nick