Metric | Value |
---|---|
AI Score | 5.6 Medium |
Confidence | Low |
CVSS2 | 4 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
EPSS | 0.002 Low |
Percentile | 54.6% |

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
bacula:bacula | bacula | lt | 5.2.11 |
debian:debian_linux | debian debian linux | eq | 7.0 |
debian:debian_linux | debian debian linux | eq | 6.0 |
secunia.com/advisories/50535
secunia.com/advisories/50808
sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view
www.bacula.org/en/?page=news
www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
www.debian.org/security/2012/dsa-2558
www.mandriva.com/security/advisories?name=MDVSA-2012:166
www.openwall.com/lists/oss-security/2012/09/14/11
www.openwall.com/lists/oss-security/2012/09/14/12
www.openwall.com/lists/oss-security/2012/09/15/2
www.securityfocus.com/bid/55505