CVE-2012-4430 — MEDIUM (4.0)

Q: How severe is CVE-2012-4430?

CVE-2012-4430 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-4430?

Check the references section above for vendor advisories and patch information. Affected products include: Bacula Bacula, Debian Debian Linux.

Vulnerability Description

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

CVSS Score

4.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Bacula	Bacula	< 5.2.11
Debian	Debian Linux	6.0

Related Weaknesses (CWE)

CWE-264

References

http://secunia.com/advisories/50535Third Party Advisory
http://secunia.com/advisories/50808Third Party Advisory
http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/viewThird Party Advisory
http://www.bacula.org/en/?page=newsVendor Advisory
http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d77PatchVendor Advisory
http://www.debian.org/security/2012/dsa-2558Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:166Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/14/11Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/14/12Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/15/2Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/55505Third Party AdvisoryVDB Entry
http://secunia.com/advisories/50535Third Party Advisory
http://secunia.com/advisories/50808Third Party Advisory
http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/viewThird Party Advisory
http://www.bacula.org/en/?page=newsVendor Advisory

FAQ

What is CVE-2012-4430?

CVE-2012-4430 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified ...

How severe is CVE-2012-4430?

CVE-2012-4430 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-4430?

Check the references section above for vendor advisories and patch information. Affected products include: Bacula Bacula, Debian Debian Linux.