Idera Server Backup Manager – Restore Arbitrary File Overwrite (R911-0143)

Type: Arbitrary File Overwrite
Location: Local
Impact: High
Product: Idera Server Backup Manager (R1Soft)
Website: http://www.idera.com
Vulnerable Version: 5.4.3
Fixed Version: 5.6
CVE:
R911: 0143
Date: 2014-04-21
By: Rack911

Product Description:

Idera Server Backup Manager is an affordable, high-performance, disk-to-disk backup product for Linux and Windows servers. (The software was previously better known as R1Soft Backup.)

Vulnerability Description:

A malicious local user can overwrite, and thereby take control of, any file on the server, including root-owned files. The user plants a hard link or symlink in the restore location, and the restore process follows that link when an admin user runs the restore via the GUI.
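The class of bug described above is a privileged restore writer that trusts whatever already sits at the destination path. The following is an added illustration of the defensive pattern, written for this advisory; it is not code from Idera, R1Soft or Rack911 and says nothing about how the product itself restores files. It assumes a POSIX system (Python's `os.open` with `dir_fd`, `O_NOFOLLOW` and `O_DIRECTORY`), a caller that runs with enough privilege to matter, and a constructed restore root in a temporary directory. Each directory component is opened with `O_NOFOLLOW`, the existing destination entry is unlinked (which detaches a planted hard link from its inode without touching it), and the new file is created with `O_CREAT|O_EXCL|O_NOFOLLOW` so the write can never land on a file the link pointed at.

```python
import errno
import os
import stat
import tempfile


class UnsafeRestorePath(Exception):
    """Raised when a restore target would escape the root or cross a link."""


def _open_dir_nofollow(dir_fd, name):
    # O_NOFOLLOW refuses a symlink standing in for the directory (ELOOP);
    # O_DIRECTORY refuses a regular file standing in for it (ENOTDIR).
    return os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)


def safe_restore_file(dest_root, rel_path, data):
    """Write `data` to dest_root/rel_path without ever writing through a link.

    Returns the absolute path written; raises UnsafeRestorePath on refusal.
    """
    if os.path.isabs(rel_path):
        raise UnsafeRestorePath("absolute path in archive: %r" % rel_path)
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafeRestorePath("path traversal in archive: %r" % rel_path)

    dir_fd = os.open(dest_root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # Walk the directory chain one component at a time, relative to an fd,
        # so a component swapped for a symlink mid-walk cannot redirect us.
        for comp in parts[:-1]:
            try:
                nxt = _open_dir_nofollow(dir_fd, comp)
            except OSError as e:
                if e.errno == errno.ENOENT:
                    os.mkdir(comp, 0o700, dir_fd=dir_fd)
                    nxt = _open_dir_nofollow(dir_fd, comp)
                elif e.errno in (errno.ELOOP, errno.ENOTDIR):
                    raise UnsafeRestorePath("link or non-directory at %r" % comp)
                else:
                    raise
            os.close(dir_fd)
            dir_fd = nxt

        name = parts[-1]
        # Remove whatever currently occupies the destination name. Unlinking a
        # hard link only drops that one name; the inode it shared is untouched.
        try:
            os.unlink(name, dir_fd=dir_fd)
        except FileNotFoundError:
            pass
        except OSError as e:
            raise UnsafeRestorePath("cannot replace %r: %s" % (name, e))
        # O_EXCL: fail if anything reappeared between unlink and create.
        # O_NOFOLLOW: never open through a symlink, even if one did reappear.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o600, dir_fd=dir_fd)
        try:
            st = os.fstat(fd)  # belt and braces: confirm we hold a fresh regular file
            if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
                raise UnsafeRestorePath("restored target is not a fresh regular file")
            view = memoryview(data)
            while view:
                view = view[os.write(fd, view):]
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)
    return os.path.join(dest_root, *parts)


def demo():
    """Constructed scenario: a restore root seeded with a symlink, a hard link
    and a symlinked directory, all pointing at a file outside the root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "restore_root")
        os.mkdir(root)
        victim = os.path.join(tmp, "protected.conf")  # constructed stand-in
        with open(victim, "w") as f:
            f.write("original\n")
        os.symlink(victim, os.path.join(root, "via_symlink"))
        os.link(victim, os.path.join(root, "via_hardlink"))
        os.symlink(tmp, os.path.join(root, "dirlink"))
        os.mkdir(os.path.join(root, "etc"))

        results = {}
        for rel in ("via_symlink", "via_hardlink", "dirlink/protected.conf",
                    "../protected.conf", "etc/app.conf"):
            try:
                safe_restore_file(root, rel, b"restored\n")
                results[rel] = "written"
            except UnsafeRestorePath:
                results[rel] = "refused"
        with open(victim) as f:
            results["victim_intact"] = f.read() == "original\n"
        return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two link entries being replaced by genuine restored files while the file they pointed at keeps its original contents, the symlinked directory and the `..` path being refused outright, and an ordinary nested path being written normally. The same three ingredients (fd-relative walk, unlink before create, `O_EXCL|O_NOFOLLOW`) apply to any privileged tool that writes into user-controllable directories, not only backup restores.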

Impact:

We rate this vulnerability HIGH because it can be used to obtain root access.

Vulnerable Version:

This vulnerability was tested against Idera Server Backup Manager (R1Soft) v5.4.3 and is believed to exist in previous versions.

Fixed Version:

This vulnerability was patched in Idera Server Backup Manager (R1Soft) v5.6.

Vendor Contact Timeline:

2014-03-07: Vendor contacted via email.
2014-03-17: Vendor confirms vulnerability.
2014-04-21: Vendor issues update.
2014-04-21: Rack911 issues security advisory.