FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-4430

This CVE name corresponds to:

Entered Topic
2012-09-15 bacula -- Console ACL Bypass

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-4430
Phase Assigned(20120821)

Description

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

References

Source Reference
MLIST [oss-security] 20120914 CVE request: bacula: Console ACL Bypass
MLIST [oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass
MLIST [oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass
CONFIRM http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view
CONFIRM http://www.bacula.org/en/?page=news
CONFIRM http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
DEBIAN DSA-2558
MANDRIVA MDVSA-2012:166
BID 55505
SECUNIA 50535
SECUNIA 50808