VYPR

Bacula

by Bacula

CVEs (4)

  • CVE-2007-5626MedOct 23, 2007
    risk 0.36cvss 5.5epss 0.00

    make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its…

  • CVE-2012-4430Oct 10, 2012
    risk 0.00cvss epss 0.03

    The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.

  • CVE-2008-5373Dec 8, 2008
    risk 0.00cvss epss 0.00

    mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.

  • CVE-2005-2995Sep 20, 2005
    risk 0.00cvss epss 0.00

    bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.