FreeBSD : bacula -- Console ACL Bypass (143f6932-fedb-11e1-ad4a-003067b2972c)

medium Nessus Plugin ID 62105

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

A security issue has been reported in Bacula, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to an error within the implementation of console ACLs, which can be exploited to gain access to certain restricted functionality and e.g. dump resources.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?68031535

http://www.nessus.org/u?e0d9d4e4

http://www.nessus.org/u?f01ef0a4

Plugin Details

Severity: Medium

ID: 62105

File Name: freebsd_pkg_143f6932fedb11e1ad4a003067b2972c.nasl

Version: 1.9

Type: local

Published: 9/15/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:bacula

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/15/2012

Vulnerability Publication Date: 9/12/2012

Reference Information

CVE: CVE-2012-4430

Secunia: 50535