Type: Arbitrary File Access
Product: Idera Server Backup Manager (R1Soft)
Vulnerable Version: 5.4.1 build 39
Fixed Version: 5.4.2 build 71
Idera Server Backup Manager is an affordable, high-performance, disk-to-disk backup software for Linux and Windows servers. (This software was previously more commonly known as R1Soft Backup.)
It is possible for an attacker to tamper with other users' backup archives (*.tar.gz) on the server by manipulating the "restore to agent" feature.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We rate this vulnerability HIGH because any *.tar.gz archive on the server, including cPanel backups, can be modified.
This vulnerability was tested against Idera Server Backup Manager (R1Soft) v5.4.1 build 39 and is believed to exist in previous versions.
This vulnerability was patched in Idera Server Backup Manager (R1Soft) v5.4.2 build 71.
Vendor Contact Timeline:
2013-09-12: Vendor contacted via email.
2013-09-12: Vendor confirms vulnerability.
2013-10-08: Vendor issues update.
2013-10-08: Rack911 issues security advisory.