Info

Disclosure

Sep 20, 2005

Discovery

Sep 06, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Bacula contains a flaw that may allow a malicious local user to create or overwrite arbitrary files on the system. The issue is due to /autoconf/randpass creating temporary files in /tmp insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Unknown

Solution

Upgrade to version 1.37.39 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Bacula	Bacula	1.36.3
		1.36.2
		1.36.1
		1.36.0
		1.34.6

References

Security Tracker: 1014941
Secunia Advisory ID: 16866 17083
Related OSVDB ID: 19513 19514
CVE ID: 2005-2995 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0526.html
Vendor Specific News/Changelog Entry: http://bugs.bacula.org/bug_view_advanced_page.php?bug_id=0000422
http://bugs.gentoo.org/show_bug.cgi?id=104986
Vendor URL: http://www.bacula.org/
Other Advisory URL: http://www.zataz.net/adviso/bacula-09192005.txt

Credit

Eric Romang - eromangzataz.net - ZATAZ Audit

Direct URL: http://osvdb.org/36218