Article Source Ubuntu Security Notices
October 6, 2009, 10:32 am
October 6, 2009, 10:32 am
It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter…