From: Paul L. <pau...@gm...> - 2026-01-18 18:19:12

On 18/01/2026 17:32, G.W. Haywood wrote:
> In the case of BackupPC I'm not sure how easy it would be to arrange
> for these conditions to be met, but it could theoretically be achieved
> by getting BackupPC to back up or recover a crafted file. (If users
> can e.g. run a compiler on the server they can alternatively download
> vulnerable code (any vulnerable code, not just zlib) and build it.
> Then they can do what they like with it. I've done that for example
> to hack into a Debian box when the owner forgot the root password.

In my experience it is much easier to boot into a live distro from external media (DVD, USB stick, etc), mount the original system disk and then just zap the entry in /mnt/etc/passwd.

Rule of thumb: if you have physical access to the hardware, the machine is yours.

All of the above assumes that the system disk is not encrypted *and* its encryption key has not been lost. If it is lost, you're screwed - to use a technical term.

Paul