Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4430

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-4430
Last Modified 10 Apr 2013 11:30:56
Published 10 Oct 2012 02:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4430

Summary

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

Vulnerable Systems

Application

  • Bacula 5.2.10

  • Bacula 5.2.7

  • Bacula 5.2.8


References

BID - 55505

MLIST - [oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass

MLIST - [oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass

MLIST - [oss-security] 20120914 CVE request: bacula: Console ACL Bypass

DEBIAN - DSA-2558

CONFIRM - http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905

CONFIRM - http://www.bacula.org/en/?page=news

CONFIRM - http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view

SECUNIA - 50808

SECUNIA - 50535

MANDRIVA - MDVSA-2012:166


Last Updated: 27 May 2016 11:00:56