Bacula Console ACL Bypass Security Vulnerability


Bacula is prone to a security-bypass vulnerability.


The information has been provided by Kern Sibbald.


Vulnerable Systems:
 * Bacula 5.2.11

Bacula could allow a remote attacker to bypass security restrictions because of an implementation error in console ACLs. An attacker could exploit this vulnerability to gain unauthorized access to specific restricted functionality and perform unauthorized actions, which may aid in launching further attacks.

CVE-2012-4430: The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
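
A simplified model of this class of flaw, added here as an illustration and not taken from Bacula's source: a resource listing routine that never consults the restricted console's ACL, next to the same routine with the check enforced. All names (show_resources, acl_allows, struct console) and the sample job and client names are hypothetical and constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; hypothetical names, not Bacula source. */
enum res_type { RES_JOB, RES_CLIENT, RES_TYPES };
struct resource { enum res_type type; const char *name; };
/* Restricted console: per resource type, the names it may access (NULL-terminated). */
struct console { const char *allowed[RES_TYPES][4]; };

/* Constructed sample configuration. */
static const struct resource RESOURCES[] = {
    { RES_JOB, "BackupFinance" }, { RES_JOB, "BackupWeb" },
    { RES_CLIENT, "finance-fd" }, { RES_CLIENT, "web-fd" },
};
enum { N_RESOURCES = sizeof RESOURCES / sizeof RESOURCES[0] };
static const struct console WEB_CONSOLE = {
    .allowed = { [RES_JOB] = { "BackupWeb" }, [RES_CLIENT] = { "web-fd" } }
};

static int acl_allows(const struct console *c, enum res_type t, const char *name)
{
    for (int i = 0; i < 4 && c->allowed[t][i]; i++)
        if (strcmp(c->allowed[t][i], name) == 0)
            return 1;
    return 0;
}

/* Writes resource names to out, one per line; returns how many were shown.
 * enforce_acl == 0 models the flawed path: the console's ACL is never consulted. */
int show_resources(const struct console *c, int enforce_acl, char *out, size_t len)
{
    int shown = 0;
    size_t used = 0;
    out[0] = '\0';
    for (int i = 0; i < N_RESOURCES; i++) {
        if (enforce_acl && !acl_allows(c, RESOURCES[i].type, RESOURCES[i].name))
            continue;                           /* outside the console's ACL */
        int n = snprintf(out + used, len - used, "%s\n", RESOURCES[i].name);
        if (n < 0 || (size_t)n >= len - used) { out[used] = '\0'; break; }
        used += (size_t)n;
        shown++;
    }
    return shown;
}

int main(void)
{
    char buf[128];
    printf("no ACL check: %d shown\n", show_resources(&WEB_CONSOLE, 0, buf, sizeof buf));
    printf("ACL enforced: %d shown\n", show_resources(&WEB_CONSOLE, 1, buf, sizeof buf));
    return 0;
}
```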

Disclosure Timeline:
Published: Sep 12 2012
Updated: Oct 12 2012