Fluid Attacks Database

Description

The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	rsnapshot	>=0 <1.2.1-1	1.2.1-1
debian 12	rsnapshot	>=0 <1.2.1-1	1.2.1-1
debian 13	rsnapshot	>=0 <1.2.1-1	1.2.1-1

Aliases

1. CVE-2005-10642. NVD-2005-10643. OSV-DEBIAN-2005-10644. OSV-2005-10645. SECURITY-TRACKER-CVE-2005-1064

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.