FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bacula -- Console ACL Bypass

Affected packages
bacula < 5.2.11

Details

VuXML ID 143f6932-fedb-11e1-ad4a-003067b2972c
Discovery 2012-09-12
Entry 2012-09-15

A security issue has been reported in Bacula, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to an error within the implementation of console ACLs, which can be exploited to gain access to certain restricted functionality and e.g. dump resources.

References

CVE Name CVE-2012-4430
URL http://sourceforge.net/projects/bacula/files/bacula/5.2.11/ReleaseNotes/view
URL http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
URL https://secunia.com/advisories/50535/