compared with
Current by Nadja Pollard
on Aug 27, 2014 10:08.

This line was removed.
This word was removed. This word was added.
This line was added.

Changes (5)

View Page History
A vulnerability is identified in Server Backup Manager which can allow an overwrite of arbitrary files during file restore. Idera thanks [|] for bringing this issue to our attention and working closely with us on resolution. 

h32. Severity

Idera rates this vulnerability as Medium.

h32. Risk Assessment

A link following weakness was discovered in the Server Backup Manager file restore. If an SBM administrator restores files to a path that is writeable by a non-privileged user, it is possible for that user to replace with a symlink attack to overwrite arbitrary files.
This issue does not affect hosting control panel self-service file restores.

h32. Risk Mitigation

Users must use one of the following options:
* Download the user files to a zip/tar and provide that package to the user to unpack, or unpack the files as the target user account via su or sudo \-u.

h32. Vulnerability

Affected versions include:
- Server Backup Advanced Edition 5.2.2 and earlier

h32. Fix

{note:title=Upgrade Note: Server Backup Advanced users}