GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sat May 17, 2014 7:26 pm Post subject: [ GLSA 201405-11 ] Bacula: Information disclosure |
|
|
Gentoo Linux Security Advisory
Title: Bacula: Information disclosure (GLSA 201405-11)
Severity: low
Exploitable: remote
Date: May 17, 2014
Bug(s): #434878
ID: 201405-11
Synopsis
A vulnerability in Bacula may allow remote attackers to obtain
sensitive information.
Background
Bacula is a network based backup suite.
Affected Packages
Package: app-backup/bacula
Vulnerable: < 5.2.12
Unaffected: >= 5.2.12
Architectures: All supported architectures
Description
Bacula does not properly enforce console access control lists.
Impact
A remote authenticated attacker may be able to bypass restrictions to
obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Bacula users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-backup/bacula-5.2.12"
|
References
CVE-2012-4430 |
|