Debian Bacula vulnerabilities
6 known vulnerabilities affecting debian/bacula.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2, LOW 4
Vulnerabilities
CVE-2020-11061 | MEDIUM | CVSS 6.0 | fixed in bacula 9.6.5-1 (bookworm) | 2020
CVE-2020-11061 [MEDIUM] CVE-2020-11061: bacula - In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a ...
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
Scope: local
bookworm:
debian
CVE-2012-4430 | MEDIUM | CVSS 4.0 | fixed in bacula 5.2.6+dfsg-4 (bookworm) | 2012
CVE-2012-4430 [MEDIUM] CVE-2012-4430: bacula - The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not ...
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 5.2.6+dfsg-4)
bullseye: resolved (fixed in 5.2.6+dfsg-4)
forky: resolved (fixed in 5.2.6+dfsg-4)
sid: resolved (fixed
debian
CVE-2008-5373 | LOW | CVSS 3.6 | fixed in bacula 2.4.0-1 (bookworm) | 2008
CVE-2008-5373 [LOW] CVE-2008-5373: bacula - mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrit...
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
Scope: local
bookworm: resolved (fixed in 2.4.0-1)
bullseye: resolved (fixed in 2.4.0-1)
forky: resolved (fixed in 2.4.0-1)
sid: resolved (fixed in 2.4.0-1)
trixie: resolved
debian
CVE-2007-5626 | LOW | CVSS 5.5 | fixed in bacula 5.0.0-1 (bookworm) | 2007
CVE-2007-5626 [MEDIUM] CVE-2007-5626: bacula - make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL passwor...
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
Scope: local
bookworm: resolved (fixed in 5.0.0-1)
bul
debian
CVE-2005-2096 | LOW | CVSS 7.5 | fixed in aide 0.10-6.1.1 (bookworm) | 2005
CVE-2005-2096 [HIGH] CVE-2005-2096: aide - zlib 1.2 and later versions allows remote attackers to cause a denial of service...
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
Scope: local
bookworm: resolved (fixed in 0.10-6.1.1)
bullseye: resolved (fixed in 0.10-6.1.1)
forky: resolved (
debian
CVE-2005-2995 | LOW | CVSS 3.6 | fixed in bacula 1.38.9-1 (bookworm) | 2005
CVE-2005-2995 [LOW] CVE-2005-2995: bacula - bacula 1.36.3 and earlier allows local users to modify or read sensitive files v...
bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
Scope: local
bookworm: resolved (fixed in 1.38.9-1)
bullseye: resolved (fixed in 1.38.9-1)
forky: resolved (fixed in 1.38.9-1)
sid: res
debian