bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bacula | Bacula | * | 1.36.3 (including) |
| Bacula | Ubuntu | dapper | * |
| Bacula | Ubuntu | devel | * |
| Bacula | Ubuntu | edgy | * |
| Bacula | Ubuntu | feisty | * |
| Bacula | Ubuntu | gutsy | * |
| Bacula | Ubuntu | hardy | * |
| Bacula | Ubuntu | intrepid | * |
| Bacula | Ubuntu | jaunty | * |
| Bacula | Ubuntu | karmic | * |
References
- http://bugs.gentoo.org/show_bug.cgi?id=104986
- http://marc.info/?l=full-disclosure\u0026m=112721654126735\u0026w=2
- http://www.novell.com/linux/security/advisories/2005_22_sr.html
- http://www.zataz.net/adviso/bacula-09192005.txt
- http://bugs.gentoo.org/show_bug.cgi?id=104986
- http://marc.info/?l=full-disclosure\u0026m=112721654126735\u0026w=2
- http://www.novell.com/linux/security/advisories/2005_22_sr.html
- http://www.zataz.net/adviso/bacula-09192005.txt