CVE-2009-3611

Name: CVE-2009-3611
Creator: NVD / NIST
Published: 2009-10-26T16:30:00.89+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 0.30%

Last modified Jun 16, 2026

CVE-2009-3611 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.

Metrics

CVSS 3.1

7.1/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Probability

0.30%

21.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-732

Affected Software

Vendor	Product	Versions
Le-Web	Backintime	0.9.26
Fedoraproject	Fedora	10
Fedoraproject	Fedora	11

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785Mailing List
http://bugs.gentoo.org/show_bug.cgi?id=289047Issue Tracking, Patch
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gzBroken Link, Patch
http://marc.info/?l=oss-security&m=125553645511436&w=2Mailing List
http://marc.info/?l=oss-security&m=125554894700336&w=2Mailing List
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=520210Issue Tracking
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.htmlMailing List
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.htmlMailing List
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785Mailing List
http://bugs.gentoo.org/show_bug.cgi?id=289047Issue Tracking, Patch
http://ftp.debian.org/debian/pool/main/b/backintime/backintime_0.9.26-3.diff.gzBroken Link, Patch
http://marc.info/?l=oss-security&m=125553645511436&w=2Mailing List
http://marc.info/?l=oss-security&m=125554894700336&w=2Mailing List
https://bugs.launchpad.net/ubuntu/+source/backintime/+bug/434256Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=520210Issue Tracking
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00821.htmlMailing List
https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00823.htmlMailing List

Timeline

Published: Oct 26, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-3611?

How severe is CVE-2009-3611?

CVE-2009-3611 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2009-3611?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3611?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST