Proxmon Backup Server: Attackers can destroy backup snapshots
The developers of the backup solution Proxmon Backup Server have closed security vulnerabilities. So far, there are no reports of attacks.
(Image: Dilok Klaisataporn/Shutterstock.com)
Various versions of Proxmon Backup Server are vulnerable. Attackers can exploit two security vulnerabilities.
Various security issues
The developers point out the vulnerabilities in the forum. So far, no CVE numbers and thus no threat level classification are known. The CERT Bund from the BSI classifies the danger as “high.”
Only the Proxmon version 3.x is affected by one vulnerability. If attackers successfully exploit the vulnerability, they can manipulate backup snapshots, making restoration impossible. The version 3.4.1-1 provides a remedy.
Videos by heise
The second vulnerability causes problems with an S3 configuration, and attackers can gain unauthorized access to data. Proxmox Backup Server 4.0.18-1 is equipped to handle this.
Whether there are already attacks is currently unknown. It also remains unclear how admins can identify already-attacked systems.
(des)
