CVE-2012-4430 — Bacula vulnerability

CWE-2648 documents6 sources

Severity

4.0MEDIUMNVD

EPSS

0.6%

top 30.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bacula Debian Bacula Debian Linux

Timeline

PublishedOct 10

Latest updateMay 14

Description

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

▶NVDbacula/bacula< 5.2.11

▶debiandebian/bacula< bacula 5.2.6+dfsg-4 (bookworm)

▶Debianbacula/bacula< 5.2.6+dfsg-4+3

Also affects: Debian Linux 6.0, 7.0

Patches

Patch: www.bacula.org ↗Patch: www.bacula.org ↗

🔴Vulnerability Details

GHSA

GHSA-v4qv-fcmj-64w9: The dump_resource function in dird/dird_conf↗2022-05-14

▶

OSV

CVE-2012-4430: The dump_resource function in dird/dird_conf↗2012-10-10

▶

📋Vendor Advisories

Red Hat

bacula: Improper ACL rules enforcement by dumping resources↗2012-09-13

▶

Debian

CVE-2012-4430: bacula - The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not ...↗2012

▶

💬Community

Bugzilla

CVE-2012-4430 bacula: Improper ACL rules enforcement by dumping resources [epel-5]↗2012-09-17

▶

Bugzilla

CVE-2012-4430 bacula: Improper ACL rules enforcement by dumping resources↗2012-09-17

▶

Bugzilla

CVE-2012-4430 bacula: Improper ACL rules enforcement by dumping resources [fedora-16]↗2012-09-17

▶