CVE-2005-2995 — Link Following in Bacula

CWE-59 — Link Following10 documents6 sources

Severity

6.9MEDIUMNVD

NVD3.6OSV3.6

EPSS

0.1%

top 76.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bacula Debian Bacula

Timeline

PublishedSep 20

Latest updateMay 14

Description

bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.

CVSS vector

AV:L/AC:L/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages3 packages

▶debiandebian/bacula< bacula 2.4.0-1 (bookworm)+1

▶Debianbacula/bacula< 1.38.9-1+7

▶NVDbacula/bacula1.36.3+1

Patches

Patch: bugs.gentoo.org ↗Patch: www.zataz.net ↗Patch: bugs.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-xgpj-r9f2-8ghw: mtx-changer↗2022-05-14

▶

GHSA

GHSA-8gwv-jfxv-7hwm: bacula 1↗2022-05-01

▶

OSV

CVE-2008-5373: mtx-changer↗2008-12-08

▶

OSV

CVE-2005-2995: bacula 1↗2005-09-20

▶

📋Vendor Advisories

Red Hat

bacula-common: Insecure temporary file use in autochangers (symlink attack)↗2008-08-11

▶

Debian

CVE-2008-5373: bacula - mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrit...↗2008

▶

Debian

CVE-2005-2995: bacula - bacula 1.36.3 and earlier allows local users to modify or read sensitive files v...↗2005

▶

💬Community

Bugzilla

CVE-2008-5373 bacula-common: Insecure temporary file use in autochangers (symlink attack)↗2008-12-09

▶