Bacula Console ACL Bypass Security Vulnerability

Summary

Bacula is prone to a security-bypass vulnerability.

Credit:

The information has been provided by Kern Sibbald.


Details

Vulnerable Systems:
 * Bacula 5.2.11

Bacula could allow a remote attacker to bypass security restrictions because of an implementation error in console ACLs. An attacker could exploit this vulnerability to gain unauthorized access to specific restricted functionality and perform unauthorized actions, which may aid in launching further attacks.

CVE-2012-4430: The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
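The class of flaw described above, as an added illustration that is not Bacula source code and not part of the advisory: a resource dump routine that ignores the requesting console's ACL, next to one that checks every resource before output. All types, function names and sample data are hypothetical; the advisory leaves the actual vectors unspecified.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model for illustration; not Bacula's data structures. */
enum res_type { RES_JOB, RES_CLIENT, RES_TYPES };
struct resource { enum res_type type; const char *name; };
/* Restricted console: one NULL-terminated allow-list per resource type. */
struct console { const char *acl[RES_TYPES][4]; };

/* Fail closed: an empty list grants nothing; "*all*" grants every name. */
static int acl_allows(const struct console *c, enum res_type t, const char *name)
{
    for (int i = 0; i < 4 && c->acl[t][i] != NULL; i++)
        if (!strcmp(c->acl[t][i], "*all*") || !strcmp(c->acl[t][i], name))
            return 1;
    return 0;
}

/* Flawed pattern: every resource is dumped; the console ACL is never read. */
int dump_unchecked(const struct console *c, const struct resource *r, int n)
{
    (void)c;
    for (int i = 0; i < n; i++)
        printf("  %s\n", r[i].name);
    return n;
}

/* Hardened pattern: each resource is checked against the ACL before output. */
int dump_checked(const struct console *c, const struct resource *r, int n)
{
    int shown = 0;
    for (int i = 0; i < n; i++) {
        if (!acl_allows(c, r[i].type, r[i].name))
            continue;
        printf("  %s\n", r[i].name);
        shown++;
    }
    return shown;
}

/* Constructed sample data: four resources and two restricted consoles. */
static const struct resource SAMPLE[] = {
    { RES_JOB, "backup-web" }, { RES_JOB, "backup-hr" },
    { RES_CLIENT, "web-fd" }, { RES_CLIENT, "hr-fd" },
};
static const struct console WEB_OPERATOR = {
    .acl = { [RES_JOB] = { "backup-web" }, [RES_CLIENT] = { "web-fd" } } };
static const struct console JOB_ADMIN = { .acl = { [RES_JOB] = { "*all*" } } };

int main(void) { return dump_checked(&WEB_OPERATOR, SAMPLE, 4) == 2 ? 0 : 1; }
```

The return value counts the resources disclosed to the console, which makes the difference between the two routines easy to assert in a regression test.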

CVE Information:
CVE-2012-4430

Patch Availability:
http://sourceforge.net/projects/bacula/files/

Disclosure Timeline:
Published: Sep 12 2012
Updated: Oct 12 2012
