Improper input validation in Borg - CVE-2016-10100
Published: January 3, 2017
Vulnerability identifier: #VU3082
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-10100
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: The Borg Collective
Affected software:
Borg
Detailed vulnerability description
The vulnerability allows a remote attacker to overwrite arbitrary archives.
The vulnerability exists due to an error when processing duplicate archive names during manifest recovery. A remote attacker can spoof the names of archives and trick the victim into using a malicious file.
How to mitigate CVE-2016-10100
Install the latest version 1.0.9.