Main Vulnerability Database SB2014051701

SB2014051701 - Gentoo update for Bacula

Published: May 17, 2014 Updated: September 25, 2016

Security Bulletin ID SB2014051701

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-4430)

The vulnerability allows a remote #AU# to gain access to sensitive information.

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

Remediation

Install update from vendor's website.

References

https://security.gentoo.org/
https://security.gentoo.org/glsa/201405-11