BURP: Multiple vulnerabilities — GLSA 201806-03

Multiple vulnerabilities were discovered in BURP's Gentoo ebuild, the worst of which could lead to root privilege escalation.

Package	app-backup/burp on all architectures
Affected versions	< 2.1.32
Unaffected versions	>= 2.1.32

A network backup and restore program.

It was discovered that Gentoo’s BURP ebuild does not properly set permissions or place the pid file in a safe directory.

A local attacker could escalate privileges.

Users should ensure the proper permissions are set as discussed in the referenced bugs.

All BURP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-backup/burp-2.1.32"

Release date
June 13, 2018

Latest revision
June 13, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries