CVE: CVE-2009-3611

Export to Word

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00059
Percentile: 0.18634

CVSS Scoring

CVSS v3.1 Score: 7.1

Severity: HIGH

Mapped CWE(s)

CWE-732 : Incorrect Permission Assignment for Critical Resource

All CAPEC(s)

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
CAPEC-122: Privilege Abuse
CAPEC-127: Directory Indexing
CAPEC-17: Using Malicious Files
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
CAPEC-206: Signing Malicious Code
CAPEC-234: Hijacking a privileged process
CAPEC-60: Reusing Session IDs (aka Session Replay)
CAPEC-61: Session Fixation
CAPEC-62: Cross Site Request Forgery
CAPEC-642: Replace Binaries

CAPEC(s) with Mapped TTPs

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
Mapped TTPs:
- T1574.010 : Services File Permissions Weakness
CAPEC-122: Privilege Abuse
Mapped TTPs:
- T1548 : Abuse Elevation Control Mechanism
CAPEC-127: Directory Indexing
Mapped TTPs:
- T1083 : File and Directory Discovery
CAPEC-17: Using Malicious Files
Mapped TTPs:
- T1574.005 : Executable Installer File Permissions Weakness
- T1574.010 : Services File Permissions Weakness
CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels
Mapped TTPs:
- T1574.010 : Services File Permissions Weakness
CAPEC-206: Signing Malicious Code
Mapped TTPs:
- T1553.002 : Code Signing
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
- T1134.001 : Token Impersonation/Theft
- T1550.004 : Web Session Cookie
CAPEC-642: Replace Binaries
Mapped TTPs:
- T1505.005 : Terminal Services DLL
- T1554 : Compromise Host Software Binary
- T1574.005 : Executable Installer File Permissions Weakness

Mapped ATT&CK TTPs

T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1548 : Abuse Elevation Control Mechanism
Kill Chain: privilege-escalation
T1083 : File and Directory Discovery
Kill Chain: discovery
T1574.005 : Executable Installer File Permissions Weakness
Kill Chain: persistence
T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1553.002 : Code Signing
Kill Chain: defense-evasion
T1134.001 : Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004 : Web Session Cookie
Kill Chain: defense-evasion
T1505.005 : Terminal Services DLL
Kill Chain: persistence
T1554 : Compromise Host Software Binary
Kill Chain: persistence
T1574.005 : Executable Installer File Permissions Weakness
Kill Chain: persistence

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
APT41 DUST
SolarWinds Compromise
Operation CuckooBees
Operation Honeybee
2016 Ukraine Electric Power Attack
RedDelta Modified PlugX Infection Chain Operations
Operation Dream Job
C0015
Night Dragon
HomeLand Justice
Cutting Edge
KV Botnet Activity

Affected Products

cpe:2.3:a:le-web:backintime:0.9.26:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*

← Back to Home