Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2012:166 (bacula)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72497

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2012:166 (bacula)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to bacula
announced via advisory MDVSA-2012:166.

A vulnerability has been found and corrected in bacula:

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11
does not properly enforce ACL rules, which allows remote authenticated
users to obtain resource dump information via unspecified vectors
(CVE-2012-4430).

The updated packages have been patched to correct this issue.

Affected: Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:166

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4430
50535
http://secunia.com/advisories/50535
50808
http://secunia.com/advisories/50808
55505
http://www.securityfocus.com/bid/55505
DSA-2558
http://www.debian.org/security/2012/dsa-2558
MDVSA-2012:166
http://www.mandriva.com/security/advisories?name=MDVSA-2012:166
[oss-security] 20120914 CVE request: bacula: Console ACL Bypass
http://www.openwall.com/lists/oss-security/2012/09/14/11
[oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass
http://www.openwall.com/lists/oss-security/2012/09/14/12
[oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass
http://www.openwall.com/lists/oss-security/2012/09/15/2
http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view
http://www.bacula.org/en/?page=news
http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72497
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2012:166 (bacula)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to bacula announced via advisory MDVSA-2012:166. A vulnerability has been found and corrected in bacula: The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors (CVE-2012-4430). The updated packages have been patched to correct this issue. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:166 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4430 50535 http://secunia.com/advisories/50535 50808 http://secunia.com/advisories/50808 55505 http://www.securityfocus.com/bid/55505 DSA-2558 http://www.debian.org/security/2012/dsa-2558 MDVSA-2012:166 http://www.mandriva.com/security/advisories?name=MDVSA-2012:166 [oss-security] 20120914 CVE request: bacula: Console ACL Bypass http://www.openwall.com/lists/oss-security/2012/09/14/11 [oss-security] 20120914 Re: CVE request: bacula: Console ACL Bypass http://www.openwall.com/lists/oss-security/2012/09/14/12 [oss-security] 20120914 Re: Re: CVE request: bacula: Console ACL Bypass http://www.openwall.com/lists/oss-security/2012/09/15/2 http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view http://www.bacula.org/en/?page=news http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com