BURP: Multiple vulnerabilities — GLSA 201806-03

Multiple vulnerabilities were discovered in BURP's Gentoo ebuild, the worst of which could lead to root privilege escalation.

Affected Packages

app-backup/burp on all architectures
Affected versions < 2.1.32
Unaffected versions >= 2.1.32

Background

A network backup and restore program.

Description

It was discovered that Gentoo’s BURP ebuild does not properly set permissions or place the pid file in a safe directory.

Impact

A local attacker could escalate privileges.

Workaround

Users should ensure the proper permissions are set as discussed in the referenced bugs.

Resolution

All BURP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-backup/burp-2.1.32"
 

References

Release Date
June 13, 2018

Latest Revision
June 13, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries