Type: Arbitrary File Overwrite
Product: Idera Server Backup Manager (R1Soft)
Vulnerable Version: 5.4.1 build 39
Fixed Version: 5.4.2 build 71
Idera Server Backup Manager is an affordable, high-performance, disk-to-disk backup software for Linux and Windows servers. (This software was previously more commonly known as R1Soft Backup.)
It is possible for an attacker to overwrite any file on the server regardless of ownership by providing a malicious restore directory via the Send to Agent feature.
Proof of Concept:
Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.
We have deemed this vulnerability to be rated as HIGH due to the fact that any file can be overwritten which could ultimately render a server inoperable.
This vulnerability was tested against Idera Server Backup Manager (R1Soft) v5.4.1 build 39 and is believed to exist in previous versions.
This vulnerability was patched in Idera Server Backup Manager (R1Soft) v5.4.2 build 71.
Vendor Contact Timeline:
2013-09-12: Vendor contacted via email.
2013-09-12: Vendor confirms vulnerability.
2013-10-08: Vendor issues update.
2013-10-08: Rack911 issues security advisory.