Bacula: Information disclosure — GLSA 201405-11

A vulnerability in Bacula may allow remote attackers to obtain sensitive information.

Affected Packages

app-backup/bacula on all architectures
Affected versions < 5.2.12
Unaffected versions >= 5.2.12

Background

Bacula is a network based backup suite.

Description

Bacula does not properly enforce console access control lists.

Impact

A remote authenticated attacker may be able to bypass restrictions to obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Bacula users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-backup/bacula-5.2.12"
 

References

Release Date
May 17, 2014

Latest Revision
May 17, 2014: 1

Severity
low

Exploitable
remote

Bugzilla entries