This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Bacula First view 2005-09-20
Product Bacula Last view 2012-10-10
Version * Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:bacula:bacula

Activity : Overall

Related : CVE

  Date Alert Description
4 2012-10-10 CVE-2012-4430

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.
2.1 2007-10-23 CVE-2007-5626

make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
3.6 2005-09-20 CVE-2005-2995

bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-310 Cryptographic Issues
50% (1) CWE-264 Permissions, Privileges, and Access Controls

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37 Lifting Data Embedded in Client Distributions
CAPEC-65 Passively Sniff and Capture Application Code Bound for Authorized Client
CAPEC-102 Session Sidejacking
CAPEC-117 Data Interception Attacks
CAPEC-155 Screen Temporary Files for Sensitive Information
CAPEC-157 Sniffing Attacks
CAPEC-167 Lifting Sensitive Data from the Client
CAPEC-204 Lifting cached, sensitive data embedded in client distributions (thick or thin)
CAPEC-205 Lifting credential(s)/key material embedded in client distributions (thick or...
CAPEC-258 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-259 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...
CAPEC-260 Passively Sniffing and Capturing Application Code Bound for an Authorized Cli...

Open Source Vulnerability Database (OSVDB)

id Description
41861 Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
19514 Bacula /scripts/mtx-changer.in Insecure Temporary File Creation
19512 Bacula /autoconf/randpass Insecure Temporary File Creation

OpenVAS Exploits

id Description
2012-10-13 Name : Debian Security Advisory DSA 2558-1 (bacula)
File : nvt/deb_2558_1.nasl
2012-09-15 Name : FreeBSD Ports: bacula
File : nvt/freebsd_bacula.nasl
2012-08-30 Name : Fedora Update for bacula FEDORA-2012-11717
File : nvt/gb_fedora_2012_11717_bacula_fc17.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200807-10 (bacula)
File : nvt/glsa_200807_10.nasl

Nessus® Vulnerability Scanner

id Description
2014-05-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201405-11.nasl - Type: ACT_GATHER_INFO
2013-01-25 Name: The remote Fedora host is missing a security update.
File: fedora_2012-14452.nasl - Type: ACT_GATHER_INFO
2012-10-09 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2558.nasl - Type: ACT_GATHER_INFO
2012-09-15 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_143f6932fedb11e1ad4a003067b2972c.nasl - Type: ACT_GATHER_INFO
2012-08-27 Name: The remote Fedora host is missing a security update.
File: fedora_2012-11717.nasl - Type: ACT_GATHER_INFO
2008-07-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200807-10.nasl - Type: ACT_GATHER_INFO