CVSS2: 6 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3: 7.4 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

AI Score: 6.6 Medium (Confidence: High)
EPSS: 0.002 Low (Percentile: 59.5%)

Debian LTS Advisory DLA-2353-1
[email protected]
https://www.debian.org/lts/security/
Thorsten Alteholz
August 29, 2020
https://wiki.debian.org/LTS

Package : bacula
Version : 7.4.4+dfsg-6+deb9u2
CVE ID : CVE-2020-11061
Debian Bug :

An issue has been found in bacula, a network backup service.
By sending oversized digest strings a malicious client can cause a heap
overflow in the director's memory which results in a denial of service.

For Debian 9 stretch, this problem has been fixed in version
7.4.4+dfsg-6+deb9u2.

We recommend that you upgrade your bacula packages.

For the detailed security status of bacula please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bacula

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 10 | armhf | bacula-console-dbgsym | < 9.4.2-2+deb10u1 | bacula-console-dbgsym_9.4.2-2+deb10u1_armhf.deb |
Debian | 10 | i386 | bacula-console-qt | < 9.4.2-2+deb10u1 | bacula-console-qt_9.4.2-2+deb10u1_i386.deb |
Debian | 9 | amd64 | bacula-fd | < 7.4.4+dfsg-6+deb9u2 | bacula-fd_7.4.4+dfsg-6+deb9u2_amd64.deb |
Debian | 10 | s390x | bacula-bscan-dbgsym | < 9.4.2-2+deb10u1 | bacula-bscan-dbgsym_9.4.2-2+deb10u1_s390x.deb |
Debian | 10 | ppc64el | bacula-bscan | < 9.4.2-2+deb10u1 | bacula-bscan_9.4.2-2+deb10u1_ppc64el.deb |
Debian | 9 | armel | bacula-director-sqlite3 | < 7.4.4+dfsg-6+deb9u2 | bacula-director-sqlite3_7.4.4+dfsg-6+deb9u2_armel.deb |
Debian | 10 | mipsel | bacula-console-qt-dbgsym | < 9.4.2-2+deb10u1 | bacula-console-qt-dbgsym_9.4.2-2+deb10u1_mipsel.deb |
Debian | 10 | mips64el | bacula-sd | < 9.4.2-2+deb10u1 | bacula-sd_9.4.2-2+deb10u1_mips64el.deb |
Debian | 9 | i386 | bacula-bscan | < 7.4.4+dfsg-6+deb9u2 | bacula-bscan_7.4.4+dfsg-6+deb9u2_i386.deb |
Debian | 10 | mips | bacula-common-mysql | < 9.4.2-2+deb10u1 | bacula-common-mysql_9.4.2-2+deb10u1_mips.deb |