Executive Summary

Informations
Name CVE-2012-4430 First vendor Publication 2012-10-10
Vendor Cve Last vendor Modification 2018-10-09

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4430

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19834
 
Oval ID: oval:org.mitre.oval:def:19834
Title: DSA-2558-1 bacula - information disclosure
Description: It was discovered that bacula, a network backup service, does not properly enforce console ACLs. This could allow information about resources to be dumped by an otherwise-restricted client.
Family: unix Class: patch
Reference(s): DSA-2558-1
CVE-2012-4430
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): bacula
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Os 2

OpenVAS Exploits

Date Description
2012-10-13 Name : Debian Security Advisory DSA 2558-1 (bacula)
File : nvt/deb_2558_1.nasl
2012-09-15 Name : FreeBSD Ports: bacula
File : nvt/freebsd_bacula.nasl

Nessus® Vulnerability Scanner

Date Description
2014-05-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-11.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote Fedora host is missing a security update.
File : fedora_2012-14452.nasl - Type : ACT_GATHER_INFO
2012-10-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2558.nasl - Type : ACT_GATHER_INFO
2012-09-15 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_143f6932fedb11e1ad4a003067b2972c.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/55505
CONFIRM http://sourceforge.net/projects/bacula/files/bacula/5.2.12/ReleaseNotes/view
http://www.bacula.org/en/?page=news
http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1...
DEBIAN http://www.debian.org/security/2012/dsa-2558
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2012:166
MLIST http://www.openwall.com/lists/oss-security/2012/09/14/11
http://www.openwall.com/lists/oss-security/2012/09/14/12
http://www.openwall.com/lists/oss-security/2012/09/15/2
SECUNIA http://secunia.com/advisories/50535
http://secunia.com/advisories/50808

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2021-05-04 12:21:34
  • Multiple Updates
2021-04-22 01:25:41
  • Multiple Updates
2020-05-23 01:49:40
  • Multiple Updates
2020-05-23 00:34:38
  • Multiple Updates
2018-11-30 12:04:51
  • Multiple Updates
2018-10-09 21:19:50
  • Multiple Updates
2016-06-29 00:27:47
  • Multiple Updates
2016-04-26 22:14:00
  • Multiple Updates
2014-05-20 13:23:13
  • Multiple Updates
2014-02-17 11:13:12
  • Multiple Updates
2013-05-10 22:45:37
  • Multiple Updates
2013-04-11 13:20:49
  • Multiple Updates