A vulnerability has been identified in Server Backup Manager that can allow arbitrary files to be overwritten during a file restore. Idera thanks [www.rack911.com|http://www.rack911.com/] for bringing this issue to our attention and working closely with us on a resolution.
h2. Severity
Idera rates this vulnerability as Medium.
h2. Risk Assessment
A link-following weakness was discovered in the Server Backup Manager file restore. If an SBM administrator restores files to a path that is writable by a non-privileged user, it is possible for that user to use a symlink attack to overwrite arbitrary files.
...
This issue does not affect hosting control panel self-service file restores.
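
The link-following weakness described above, as an added example (not Idera's code and not how Server Backup Manager performs restores): a path-based write follows a symlink sitting in a user-writable directory, while a write that walks the path with `O_NOFOLLOW` refuses it. The function names, paths and file contents are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile

def naive_restore(dest_root, relpath, data):
    # Path-based write: a symlink at any component is followed silently.
    with open(os.path.join(dest_root, relpath), "wb") as f:
        f.write(data)

def safe_restore(dest_root, relpath, data):
    # Walk the path one component at a time relative to a directory fd; O_NOFOLLOW
    # makes open() fail on a symlink. dest_root itself is assumed to be trusted.
    parts = relpath.split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("unsafe path component")
    dfd = os.open(dest_root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for d in parts[:-1]:
            nxt = os.open(d, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dfd)
            os.close(dfd)
            dfd = nxt
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(parts[-1], flags, 0o600, dir_fd=dfd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    finally:
        os.close(dfd)

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    # Constructed scenario inside a temp dir: "protected.conf" stands in for a
    # file outside the restore path, "home" for a user-writable restore path.
    with tempfile.TemporaryDirectory() as tmp:
        protected = os.path.join(tmp, "protected.conf")
        home = os.path.join(tmp, "home")
        os.mkdir(home)
        with open(protected, "w") as f:
            f.write("original")
        os.symlink(protected, os.path.join(home, "notes.txt"))
        try:
            safe_restore(home, "notes.txt", b"from backup")
            safe = "written"
        except OSError:
            safe = "refused"
        after_safe = read(protected)
        naive_restore(home, "notes.txt", b"from backup")
        return safe, after_safe, read(protected)
```

`demo()` returns the outcome of the hardened write, the protected file's content after it, and the content after the naive write. Unpacking as the target user via su or sudo, as the mitigation options describe, limits the same problem from the privilege side.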
h2. Risk Mitigation
Users must use one of the following options:
...
* Download the user files to a zip/tar and provide that package to the user to unpack, or unpack the files as the target user account via su or sudo \-u.
h2. Vulnerability
Affected versions include:
...
- Server Backup Advanced Edition 5.2.2 and earlier
h2. Fix
{note:title=Upgrade Note: Server Backup Advanced users}
...