View Source

A vulnerability is identified in Server Backup Manager which can allow an overwrite of arbitrary files during file restore. Idera thanks [|] for bringing this issue to our attention and working closely with us on resolution. 

h2. Severity

Idera rates this vulnerability as Medium.

h2. Risk Assessment

A link following weakness was discovered in the Server Backup Manager file restore. If an SBM administrator restores files to a path that is writeable by a non-privileged user, it is possible for that user to replace with a symlink attack to overwrite arbitrary files.

A UNIX symbolic link following weakness was discovered in the Server Backup Agent. A user on the server can exploit this weakness when an SBM administrator restores files to a path writeable by the user.   

This issue does not affect hosting control panel self-service file restores.

h2. Risk Mitigation

Users must use one of the following options:

* Immediately upgrade to Server Backup Manager SE 5.6 and Server Backup Agent 5.6 or later.


* SBM backup administrators should not restore files directly to unsecured paths. Instead, restore non-system files to an alternate and secure path, such as owned by root with restricted permissions, and then make the files available to users after the restore is complete.

* Download the user files to a zip/tar and provide that package to the user to unpack, or unpack the files as the target user account via su or sudo \-u.

h2. Vulnerability

Affected versions include:
- Server Backup Manager SE 5.4.3 and earlier
- Server Backup Advanced Edition 5.2.2 and earlier

h2. Fix

{note:title=Upgrade Note: Server Backup Advanced users}
A fix is not yet available for Server Backup Advanced Edition users. These users should use restore to alternate path or download to zip/tar to restore end user files.
These issues are fixed in [Server Backup 5.6|ServerBackup:Server Backup 5.6.0 Release Notes], which you can download from the customer download portal at []. You must upgrade both the Server Backup Manager and Backup Agent.