LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:166: bacula Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been found and corrected in bacula: The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:166
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : bacula
 Date    : October 12, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in bacula:
 
 The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11
 does not properly enforce ACL rules, which allows remote authenticated
 users to obtain resource dump information via unspecified vectors
 (CVE-2012-4430).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4430
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 19c2e396c057a462eed645763f6dd214  mes5/i586/bacula-common-3.0.3-0.2mdvmes5.2.i586.rpm
 2ed8f24e1dd0631c0f66459c803d77d6  mes5/i586/bacula-console-3.0.3-0.2mdvmes5.2.i586.rpm
 125e86f5f3ab21c7187e7250a6a398d4  mes5/i586/bacula-console-gnome-3.0.3-0.2mdvmes5.2.i586.rpm
 02ecfe2faed93c639198d92bdb9136c1  mes5/i586/bacula-console-wx-3.0.3-0.2mdvmes5.2.i586.rpm
 3ece4e74eecdc68f248328b0cd44df91  mes5/i586/bacula-dir-common-3.0.3-0.2mdvmes5.2.i586.rpm
 12eac5efa71756f40c9b87a2196c971d  mes5/i586/bacula-dir-mysql-3.0.3-0.2mdvmes5.2.i586.rpm
 518f88db266dffdc6b28655c59b9cd12  mes5/i586/bacula-dir-pgsql-3.0.3-0.2mdvmes5.2.i586.rpm
 8cc7f89f0b8c9733664e6ae41ef940a4  mes5/i586/bacula-dir-sqlite-3.0.3-0.2mdvmes5.2.i586.rpm
 aa6982dc6d72b8ecebf0e5a2e5b12d93  mes5/i586/bacula-dir-sqlite3-3.0.3-0.2mdvmes5.2.i586.rpm
 fa909ff617fc0985bef861cbcd82ce96  mes5/i586/bacula-fd-3.0.3-0.2mdvmes5.2.i586.rpm
 96557d5790a25b37a6e2e5fb8058b04b  mes5/i586/bacula-gui-bimagemgr-3.0.3-0.2mdvmes5.2.i586.rpm
 ccd13a62c0835c0cc418cda38ba565e6  mes5/i586/bacula-gui-bweb-3.0.3-0.2mdvmes5.2.i586.rpm
 9dcaf0949cb92e3e5137255810699296  mes5/i586/bacula-gui-web-3.0.3-0.2mdvmes5.2.i586.rpm
 5695b3150b11f84223a5152bb30aba64  mes5/i586/bacula-sd-3.0.3-0.2mdvmes5.2.i586.rpm 
 2df32a57b05c2e1290d84786f9ef31c7  mes5/SRPMS/bacula-3.0.3-0.2mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b271737aee3770bcd7cef6f1d97875e9  mes5/x86_64/bacula-common-3.0.3-0.2mdvmes5.2.x86_64.rpm
 623c71cdb2c38b1b6f06d6d6a321b6c5  mes5/x86_64/bacula-console-3.0.3-0.2mdvmes5.2.x86_64.rpm
 795c5261d9b92e6868a57da5c554b464  mes5/x86_64/bacula-console-gnome-3.0.3-0.2mdvmes5.2.x86_64.rpm
 8562e98eef26fa0fe1d4eb94cd21dcb0  mes5/x86_64/bacula-console-wx-3.0.3-0.2mdvmes5.2.x86_64.rpm
 2044cbdb6d62d872c79727a67951f218  mes5/x86_64/bacula-dir-common-3.0.3-0.2mdvmes5.2.x86_64.rpm
 c28eec43673f0967e0b17f1baf8b7c42  mes5/x86_64/bacula-dir-mysql-3.0.3-0.2mdvmes5.2.x86_64.rpm
 817f3d6a0697b9c97189592f18f92983  mes5/x86_64/bacula-dir-pgsql-3.0.3-0.2mdvmes5.2.x86_64.rpm
 6d7413099343399fde6d99b3a7df8dd9  mes5/x86_64/bacula-dir-sqlite-3.0.3-0.2mdvmes5.2.x86_64.rpm
 e96a8577bea4e733d9e6f88914684173  mes5/x86_64/bacula-dir-sqlite3-3.0.3-0.2mdvmes5.2.x86_64.rpm
 ac3a716e0e1ce3ee931854e34aeead9d  mes5/x86_64/bacula-fd-3.0.3-0.2mdvmes5.2.x86_64.rpm
 4cb81dd656d54b66f6e62d3dd3454e01  mes5/x86_64/bacula-gui-bimagemgr-3.0.3-0.2mdvmes5.2.x86_64.rpm
 cf2c22981a45797cab0e84afa0d003c8  mes5/x86_64/bacula-gui-bweb-3.0.3-0.2mdvmes5.2.x86_64.rpm
 072cc023f4e40755f27dcb6fdea3985d  mes5/x86_64/bacula-gui-web-3.0.3-0.2mdvmes5.2.x86_64.rpm
 dd975ce1741046ab3e91465920c19e79  mes5/x86_64/bacula-sd-3.0.3-0.2mdvmes5.2.x86_64.rpm 
 2df32a57b05c2e1290d84786f9ef31c7  mes5/SRPMS/bacula-3.0.3-0.2mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.