• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RSnapshot Local File Permission Manipulation Vulnerability

A local file privileges manipulation vulnerability affects rsnapshot. This issue is due to a design error that causes the failure of the utility to properly assign permissions on files referenced by symbolic link files.

An attacker may leverage this issue to change the permissions on arbitrary files backed up by the affected utility. Specifically an attacker can claim ownership of the target file.