Vulnerability Details CVE-2012-4430
The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v2 Score 4.0
References
- http://secunia.com/advisories/50535
- http://secunia.com/advisories/50808
- http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view
- http://www.bacula.org/en/?page=news
- http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
- http://www.debian.org/security/2012/dsa-2558
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:166
- http://www.openwall.com/lists/oss-security/2012/09/14/11
- http://www.openwall.com/lists/oss-security/2012/09/14/12
- http://www.openwall.com/lists/oss-security/2012/09/15/2
- http://www.securityfocus.com/bid/55505
- http://secunia.com/advisories/50535
- http://secunia.com/advisories/50808
- http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view
- http://www.bacula.org/en/?page=news
- http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
- http://www.debian.org/security/2012/dsa-2558
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:166
- http://www.openwall.com/lists/oss-security/2012/09/14/11
- http://www.openwall.com/lists/oss-security/2012/09/14/12
- http://www.openwall.com/lists/oss-security/2012/09/15/2
- http://www.securityfocus.com/bid/55505
Products affected by CVE-2012-4430
-
cpe:2.3:a:bacula:bacula:1.19a
-
cpe:2.3:a:bacula:bacula:1.19b
-
cpe:2.3:a:bacula:bacula:1.20
-
cpe:2.3:a:bacula:bacula:1.21
-
cpe:2.3:a:bacula:bacula:1.22
-
cpe:2.3:a:bacula:bacula:1.23
-
cpe:2.3:a:bacula:bacula:1.23a
-
cpe:2.3:a:bacula:bacula:1.24
-
cpe:2.3:a:bacula:bacula:1.25
-
cpe:2.3:a:bacula:bacula:1.25a
-
cpe:2.3:a:bacula:bacula:1.26
-
cpe:2.3:a:bacula:bacula:1.27
-
cpe:2.3:a:bacula:bacula:1.27a
-
cpe:2.3:a:bacula:bacula:1.27b
-
cpe:2.3:a:bacula:bacula:1.27c
-
cpe:2.3:a:bacula:bacula:1.28
-
cpe:2.3:a:bacula:bacula:1.29
-
cpe:2.3:a:bacula:bacula:1.30
-
cpe:2.3:a:bacula:bacula:1.31
-
cpe:2.3:a:bacula:bacula:1.31a
-
cpe:2.3:a:bacula:bacula:1.32
-
cpe:2.3:a:bacula:bacula:1.32a
-
cpe:2.3:a:bacula:bacula:1.32b
-
cpe:2.3:a:bacula:bacula:1.32c
-
cpe:2.3:a:bacula:bacula:1.32d
-
cpe:2.3:a:bacula:bacula:1.32e
-
cpe:2.3:a:bacula:bacula:1.32f
-
cpe:2.3:a:bacula:bacula:1.32f-2
-
cpe:2.3:a:bacula:bacula:1.32f-3
-
cpe:2.3:a:bacula:bacula:1.32f-4
-
cpe:2.3:a:bacula:bacula:1.32f-5
-
cpe:2.3:a:bacula:bacula:1.34.0
-
cpe:2.3:a:bacula:bacula:1.34.1
-
cpe:2.3:a:bacula:bacula:1.34.3
-
cpe:2.3:a:bacula:bacula:1.34.4
-
cpe:2.3:a:bacula:bacula:1.34.5
-
cpe:2.3:a:bacula:bacula:1.34.6
-
cpe:2.3:a:bacula:bacula:1.35.1
-
cpe:2.3:a:bacula:bacula:1.35.2
-
cpe:2.3:a:bacula:bacula:1.35.3
-
cpe:2.3:a:bacula:bacula:1.35.6
-
cpe:2.3:a:bacula:bacula:1.35.7
-
cpe:2.3:a:bacula:bacula:1.35.8
-
cpe:2.3:a:bacula:bacula:1.36.0
-
cpe:2.3:a:bacula:bacula:1.36.1
-
cpe:2.3:a:bacula:bacula:1.36.2
-
cpe:2.3:a:bacula:bacula:1.36.3
-
cpe:2.3:a:bacula:bacula:1.38.0
-
cpe:2.3:a:bacula:bacula:1.38.1
-
cpe:2.3:a:bacula:bacula:1.38.10
-
cpe:2.3:a:bacula:bacula:1.38.11
-
cpe:2.3:a:bacula:bacula:1.38.2
-
cpe:2.3:a:bacula:bacula:1.38.3
-
cpe:2.3:a:bacula:bacula:1.38.4
-
cpe:2.3:a:bacula:bacula:1.38.5
-
cpe:2.3:a:bacula:bacula:1.38.6
-
cpe:2.3:a:bacula:bacula:1.38.7
-
cpe:2.3:a:bacula:bacula:1.38.8
-
cpe:2.3:a:bacula:bacula:1.38.9
-
cpe:2.3:a:bacula:bacula:2.0.0
-
cpe:2.3:a:bacula:bacula:2.0.1
-
cpe:2.3:a:bacula:bacula:2.0.2
-
cpe:2.3:a:bacula:bacula:2.0.3
-
cpe:2.3:a:bacula:bacula:2.2.0
-
cpe:2.3:a:bacula:bacula:2.2.1
-
cpe:2.3:a:bacula:bacula:2.2.2
-
cpe:2.3:a:bacula:bacula:2.2.3
-
cpe:2.3:a:bacula:bacula:2.2.4
-
cpe:2.3:a:bacula:bacula:2.2.5
-
cpe:2.3:a:bacula:bacula:2.2.6
-
cpe:2.3:a:bacula:bacula:2.2.7
-
cpe:2.3:a:bacula:bacula:2.2.8
-
cpe:2.3:a:bacula:bacula:2.2.9-b7
-
cpe:2.3:a:bacula:bacula:2.4.0
-
cpe:2.3:a:bacula:bacula:2.4.1
-
cpe:2.3:a:bacula:bacula:2.4.2
-
cpe:2.3:a:bacula:bacula:2.4.3
-
cpe:2.3:a:bacula:bacula:2.4.4
-
cpe:2.3:a:bacula:bacula:3.0.0
-
cpe:2.3:a:bacula:bacula:3.0.1
-
cpe:2.3:a:bacula:bacula:3.0.2
-
cpe:2.3:a:bacula:bacula:3.0.3
-
cpe:2.3:a:bacula:bacula:3.0.3a
-
cpe:2.3:a:bacula:bacula:3.0.3b
-
cpe:2.3:a:bacula:bacula:5.0.0
-
cpe:2.3:a:bacula:bacula:5.0.1
-
cpe:2.3:a:bacula:bacula:5.0.2
-
cpe:2.3:a:bacula:bacula:5.0.3
-
cpe:2.3:a:bacula:bacula:5.2.1
-
cpe:2.3:a:bacula:bacula:5.2.10
-
cpe:2.3:a:bacula:bacula:5.2.2
-
cpe:2.3:a:bacula:bacula:5.2.3
-
cpe:2.3:a:bacula:bacula:5.2.4
-
cpe:2.3:a:bacula:bacula:5.2.5
-
cpe:2.3:a:bacula:bacula:5.2.6
-
cpe:2.3:a:bacula:bacula:5.2.7
-
cpe:2.3:a:bacula:bacula:5.2.8
-
cpe:2.3:a:bacula:bacula:5.2.9
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:7.0