Bacula Console ACL Bypass Security Vulnerability
The information has been provided by Kern Sibbald.
* Bacula 5.2.11
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions, which may aid in launching further attacks. Bacula could allow a remote attacker to bypass security restrictions because of an implementation error in console ACLs. An attacker could exploit this vulnerability to gain unauthorized access to specific restricted functionality.
CVE-2012-4430 : The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
Published : Sep 12 2012
Updated : Oct 12 2012
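The class of bug described above, a resource dump that skips the console ACL check, shown beside the checked form as an added example; this is a simplified model and not Bacula source code. All type, function and resource names here are hypothetical, and the sample configuration is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not Bacula source: every name below is hypothetical. */
enum res_type { RES_JOB, RES_CLIENT, RES_TYPES };
struct resource { enum res_type type; const char *name; const char *detail; };
/* A restricted console lists, per resource type, the names it may see. */
struct console { const char *name; const char *acl[RES_TYPES][4]; };

/* Constructed sample configuration. */
static const struct resource resources[] = {
    { RES_JOB,    "BackupWeb", "FileSet=web" },
    { RES_JOB,    "BackupHR",  "FileSet=hr" },
    { RES_CLIENT, "web-fd",    "Address=web.example" },
    { RES_CLIENT, "hr-fd",     "Address=hr.example" },
};
#define NRES (sizeof resources / sizeof resources[0])
static const struct console web_console = { "web-admin", { {"BackupWeb"}, {"web-fd"} } };

/* Model assumption: NULL means an unrestricted console; otherwise default deny. */
static int acl_ok(const struct console *c, const struct resource *r)
{
    if (!c) return 1;
    for (int i = 0; i < 4 && c->acl[r->type][i]; i++)
        if (strcmp(c->acl[r->type][i], r->name) == 0) return 1;
    return 0;
}

/* Writes resources to out and returns how many; enforce=0 models the missing check. */
static int dump_resources(const struct console *c, int enforce, char *out, size_t cap)
{
    int shown = 0; size_t used = 0;
    out[0] = '\0';
    for (size_t i = 0; i < NRES; i++) {
        if (enforce && !acl_ok(c, &resources[i])) continue;  /* filter per resource */
        int n = snprintf(out + used, cap - used, "%s: %s\n",
                         resources[i].name, resources[i].detail);
        if (n < 0 || (size_t)n >= cap - used) break;         /* stop on truncation */
        used += (size_t)n; shown++;
    }
    return shown;
}

int main(void)
{
    char buf[512];
    printf("unchecked: %d\n%s", dump_resources(&web_console, 0, buf, sizeof buf), buf);
    printf("checked:   %d\n%s", dump_resources(&web_console, 1, buf, sizeof buf), buf);
    return 0;
}
```

The point for review is that the ACL decision is made per resource inside the dump loop, so no output path can return entries the console was never granted.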