Search criteria
17 vulnerabilities found for bareos by bareos
CVE-2024-45044 (GCVE-0-2024-45044)
Vulnerability from cvelistv5 – Published: 2024-09-10 14:57 – Updated: 2024-09-10 19:23
VLAI?
Title
Bareos's negative command ACLs can be circumvented by abbreviating commands
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the full form (i.e. "whoami") but to the abbreviated form (i.e. "w"). If the command ACL is configured with negative ACL that should forbid using the "whoami" command, you could still use "w" or "who" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur.
Severity ?
8.8 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"lessThan": "23.0.4",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
},
{
"lessThan": "22.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
},
{
"lessThan": "21.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:21:00.578548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:23:58.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.4"
},
{
"status": "affected",
"version": "\u003e= 22.0.0, \u003c 22.1.6"
},
{
"status": "affected",
"version": "\u003c 21.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. \"w\" for \"whoami\") the ACL check did not apply to the full form (i.e. \"whoami\") but to the abbreviated form (i.e. \"w\"). If the command ACL is configured with negative ACL that should forbid using the \"whoami\" command, you could still use \"w\" or \"who\" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:57:57.464Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8"
},
{
"name": "https://github.com/bareos/bareos/pull/1875",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1875"
},
{
"name": "https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5"
}
],
"source": {
"advisory": "GHSA-jfww-q346-r2r8",
"discovery": "UNKNOWN"
},
"title": "Bareos\u0027s negative command ACLs can be circumvented by abbreviating commands"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45044",
"datePublished": "2024-09-10T14:57:57.464Z",
"dateReserved": "2024-08-21T17:53:51.331Z",
"dateUpdated": "2024-09-10T19:23:58.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24756 (GCVE-0-2022-24756)
Vulnerability from cvelistv5 – Published: 2022-03-15 14:40 – Updated: 2025-04-22 18:18
VLAI?
Title
Missing Release of Memory after Effective Lifetime in Bareos Director
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.
Severity ?
7.5 (High)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24756",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:41:51.472279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:18:06.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003e= 18.2, \u003c 19.2.12"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T14:40:20.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
}
],
"source": {
"advisory": "GHSA-jh55-4wgw-xc9j",
"discovery": "UNKNOWN"
},
"title": "Missing Release of Memory after Effective Lifetime in Bareos Director",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24756",
"STATE": "PUBLIC",
"TITLE": "Missing Release of Memory after Effective Lifetime in Bareos Director"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bareos",
"version": {
"version_data": [
{
"version_value": "\u003e= 18.2, \u003c 19.2.12"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
}
]
},
"vendor_name": "bareos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/pull/1115",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"name": "https://github.com/bareos/bareos/pull/1119",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"name": "https://github.com/bareos/bareos/pull/1121",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"name": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
}
]
},
"source": {
"advisory": "GHSA-jh55-4wgw-xc9j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24756",
"datePublished": "2022-03-15T14:40:21.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:18:06.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24755 (GCVE-0-2022-24755)
Vulnerability from cvelistv5 – Published: 2022-03-15 14:35 – Updated: 2025-04-22 18:18
VLAI?
Title
Incorrect Authorization in Bareos Director
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24755",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:44:05.468336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:18:15.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003e= 18.2, \u003c 19.2.12"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T14:35:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
],
"source": {
"advisory": "GHSA-4979-8ffj-4q26",
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization in Bareos Director",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24755",
"STATE": "PUBLIC",
"TITLE": "Incorrect Authorization in Bareos Director"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bareos",
"version": {
"version_data": [
{
"version_value": "\u003e= 18.2, \u003c 19.2.12"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
}
]
},
"vendor_name": "bareos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"name": "https://github.com/bareos/bareos/pull/1115",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"name": "https://github.com/bareos/bareos/pull/1119",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"name": "https://github.com/bareos/bareos/pull/1121",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"name": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
]
},
"source": {
"advisory": "GHSA-4979-8ffj-4q26",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24755",
"datePublished": "2022-03-15T14:35:13.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:18:15.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4042 (GCVE-0-2020-4042)
Vulnerability from cvelistv5 – Published: 2020-07-10 19:30 – Updated: 2024-08-04 07:52
VLAI?
Title
Authentication bypass in Bareos
Summary
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.
Severity ?
6.8 (Medium)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bareos.org/view.php?id=1250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003c 19.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director\u0027s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T19:30:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bareos.org/view.php?id=1250"
}
],
"source": {
"advisory": "GHSA-vqpj-2vhj-h752",
"discovery": "UNKNOWN"
},
"title": "Authentication bypass in Bareos",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4042",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass in Bareos"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bareos",
"version": {
"version_data": [
{
"version_value": "\u003c 19.2.8"
}
]
}
}
]
},
"vendor_name": "bareos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director\u0027s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
},
{
"name": "https://bugs.bareos.org/view.php?id=1250",
"refsource": "MISC",
"url": "https://bugs.bareos.org/view.php?id=1250"
}
]
},
"source": {
"advisory": "GHSA-vqpj-2vhj-h752",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4042",
"datePublished": "2020-07-10T19:30:14",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11061 (GCVE-0-2020-11061)
Vulnerability from cvelistv5 – Published: 2020-07-10 19:25 – Updated: 2024-08-04 11:21
VLAI?
Title
Heap-based Buffer Overflow in Bareos Director
Summary
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
Severity ?
6 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bareos GmbH & Co. KG | Bareos Director |
Affected:
<= 16.2.10
Affected: <= 17.2.9 Affected: <= 18.2.8 Affected: <= 19.2.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bareos Director",
"vendor": "Bareos GmbH \u0026 Co. KG",
"versions": [
{
"status": "affected",
"version": "\u003c= 16.2.10"
},
{
"status": "affected",
"version": "\u003c= 17.2.9"
},
{
"status": "affected",
"version": "\u003c= 18.2.8"
},
{
"status": "affected",
"version": "\u003c= 19.2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director\u0027s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-29T23:06:35",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
}
],
"source": {
"advisory": "GHSA-mm45-cg35-54j4",
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow in Bareos Director",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11061",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in Bareos Director"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bareos Director",
"version": {
"version_data": [
{
"version_value": "\u003c= 16.2.10"
},
{
"version_value": "\u003c= 17.2.9"
},
{
"version_value": "\u003c= 18.2.8"
},
{
"version_value": "\u003c= 19.2.7"
}
]
}
}
]
},
"vendor_name": "Bareos GmbH \u0026 Co. KG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director\u0027s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"name": "https://bugs.bareos.org/view.php?id=1210",
"refsource": "MISC",
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
}
]
},
"source": {
"advisory": "GHSA-mm45-cg35-54j4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11061",
"datePublished": "2020-07-10T19:25:13",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14610 (GCVE-0-2017-14610)
Vulnerability from cvelistv5 – Published: 2017-09-20 18:00 – Updated: 2024-09-16 17:32
VLAI?
Summary
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bareos.org/view.php?id=847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bareos.org/view.php?id=847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.bareos.org/view.php?id=847",
"refsource": "MISC",
"url": "https://bugs.bareos.org/view.php?id=847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14610",
"datePublished": "2017-09-20T18:00:00Z",
"dateReserved": "2017-09-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:32:56.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45044 (GCVE-0-2024-45044)
Vulnerability from nvd – Published: 2024-09-10 14:57 – Updated: 2024-09-10 19:23
VLAI?
Title
Bareos's negative command ACLs can be circumvented by abbreviating commands
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the full form (i.e. "whoami") but to the abbreviated form (i.e. "w"). If the command ACL is configured with negative ACL that should forbid using the "whoami" command, you could still use "w" or "who" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur.
Severity ?
8.8 (High)
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"lessThan": "23.0.4",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
},
{
"lessThan": "22.1.6",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
},
{
"lessThan": "21.1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T19:21:00.578548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T19:23:58.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c 23.0.4"
},
{
"status": "affected",
"version": "\u003e= 22.0.0, \u003c 22.1.6"
},
{
"status": "affected",
"version": "\u003c 21.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. \"w\" for \"whoami\") the ACL check did not apply to the full form (i.e. \"whoami\") but to the abbreviated form (i.e. \"w\"). If the command ACL is configured with negative ACL that should forbid using the \"whoami\" command, you could still use \"w\" or \"who\" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:57:57.464Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8"
},
{
"name": "https://github.com/bareos/bareos/pull/1875",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1875"
},
{
"name": "https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5"
}
],
"source": {
"advisory": "GHSA-jfww-q346-r2r8",
"discovery": "UNKNOWN"
},
"title": "Bareos\u0027s negative command ACLs can be circumvented by abbreviating commands"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45044",
"datePublished": "2024-09-10T14:57:57.464Z",
"dateReserved": "2024-08-21T17:53:51.331Z",
"dateUpdated": "2024-09-10T19:23:58.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24756 (GCVE-0-2022-24756)
Vulnerability from nvd – Published: 2022-03-15 14:40 – Updated: 2025-04-22 18:18
VLAI?
Title
Missing Release of Memory after Effective Lifetime in Bareos Director
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.
Severity ?
7.5 (High)
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24756",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:41:51.472279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:18:06.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003e= 18.2, \u003c 19.2.12"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401: Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T14:40:20.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
}
],
"source": {
"advisory": "GHSA-jh55-4wgw-xc9j",
"discovery": "UNKNOWN"
},
"title": "Missing Release of Memory after Effective Lifetime in Bareos Director",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24756",
"STATE": "PUBLIC",
"TITLE": "Missing Release of Memory after Effective Lifetime in Bareos Director"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bareos",
"version": {
"version_data": [
{
"version_value": "\u003e= 18.2, \u003c 19.2.12"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
}
]
},
"vendor_name": "bareos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-401: Missing Release of Memory after Effective Lifetime"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/pull/1115",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"name": "https://github.com/bareos/bareos/pull/1119",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"name": "https://github.com/bareos/bareos/pull/1121",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"name": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
}
]
},
"source": {
"advisory": "GHSA-jh55-4wgw-xc9j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24756",
"datePublished": "2022-03-15T14:40:21.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:18:06.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24755 (GCVE-0-2022-24755)
Vulnerability from nvd – Published: 2022-03-15 14:35 – Updated: 2025-04-22 18:18
VLAI?
Title
Incorrect Authorization in Bareos Director
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized.
Severity ?
8.1 (High)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24755",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:44:05.468336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:18:15.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003e= 18.2, \u003c 19.2.12"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"status": "affected",
"version": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T14:35:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
],
"source": {
"advisory": "GHSA-4979-8ffj-4q26",
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization in Bareos Director",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24755",
"STATE": "PUBLIC",
"TITLE": "Incorrect Authorization in Bareos Director"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bareos",
"version": {
"version_data": [
{
"version_value": "\u003e= 18.2, \u003c 19.2.12"
},
{
"version_value": "\u003e= 20.0.0, \u003c 20.0.6"
},
{
"version_value": "\u003e= 21.0.0, \u003c 21.1.0"
}
]
}
}
]
},
"vendor_name": "bareos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"name": "https://github.com/bareos/bareos/pull/1115",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"name": "https://github.com/bareos/bareos/pull/1119",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"name": "https://github.com/bareos/bareos/pull/1121",
"refsource": "MISC",
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"name": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/",
"refsource": "MISC",
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
]
},
"source": {
"advisory": "GHSA-4979-8ffj-4q26",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24755",
"datePublished": "2022-03-15T14:35:13.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:18:15.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-4042 (GCVE-0-2020-4042)
Vulnerability from nvd – Published: 2020-07-10 19:30 – Updated: 2024-08-04 07:52
VLAI?
Title
Authentication bypass in Bareos
Summary
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.
Severity ?
6.8 (Medium)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bareos.org/view.php?id=1250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bareos",
"vendor": "bareos",
"versions": [
{
"status": "affected",
"version": "\u003c 19.2.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director\u0027s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294: Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T19:30:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bareos.org/view.php?id=1250"
}
],
"source": {
"advisory": "GHSA-vqpj-2vhj-h752",
"discovery": "UNKNOWN"
},
"title": "Authentication bypass in Bareos",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-4042",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass in Bareos"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bareos",
"version": {
"version_data": [
{
"version_value": "\u003c 19.2.8"
}
]
}
}
]
},
"vendor_name": "bareos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director\u0027s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-294: Authentication Bypass by Capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
},
{
"name": "https://bugs.bareos.org/view.php?id=1250",
"refsource": "MISC",
"url": "https://bugs.bareos.org/view.php?id=1250"
}
]
},
"source": {
"advisory": "GHSA-vqpj-2vhj-h752",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-4042",
"datePublished": "2020-07-10T19:30:14",
"dateReserved": "2019-12-30T00:00:00",
"dateUpdated": "2024-08-04T07:52:20.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11061 (GCVE-0-2020-11061)
Vulnerability from nvd – Published: 2020-07-10 19:25 – Updated: 2024-08-04 11:21
VLAI?
Title
Heap-based Buffer Overflow in Bareos Director
Summary
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
Severity ?
6 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bareos GmbH & Co. KG | Bareos Director |
Affected:
<= 16.2.10
Affected: <= 17.2.9 Affected: <= 18.2.8 Affected: <= 19.2.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bareos Director",
"vendor": "Bareos GmbH \u0026 Co. KG",
"versions": [
{
"status": "affected",
"version": "\u003c= 16.2.10"
},
{
"status": "affected",
"version": "\u003c= 17.2.9"
},
{
"status": "affected",
"version": "\u003c= 18.2.8"
},
{
"status": "affected",
"version": "\u003c= 19.2.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director\u0027s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-29T23:06:35",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
}
],
"source": {
"advisory": "GHSA-mm45-cg35-54j4",
"discovery": "UNKNOWN"
},
"title": "Heap-based Buffer Overflow in Bareos Director",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11061",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in Bareos Director"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bareos Director",
"version": {
"version_data": [
{
"version_value": "\u003c= 16.2.10"
},
{
"version_value": "\u003c= 17.2.9"
},
{
"version_value": "\u003c= 18.2.8"
},
{
"version_value": "\u003c= 19.2.7"
}
]
}
}
]
},
"vendor_name": "Bareos GmbH \u0026 Co. KG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director\u0027s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4",
"refsource": "CONFIRM",
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"name": "https://bugs.bareos.org/view.php?id=1210",
"refsource": "MISC",
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
}
]
},
"source": {
"advisory": "GHSA-mm45-cg35-54j4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11061",
"datePublished": "2020-07-10T19:25:13",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14610 (GCVE-0-2017-14610)
Vulnerability from nvd – Published: 2017-09-20 18:00 – Updated: 2024-09-16 17:32
VLAI?
Summary
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:34:39.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.bareos.org/view.php?id=847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.bareos.org/view.php?id=847"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.bareos.org/view.php?id=847",
"refsource": "MISC",
"url": "https://bugs.bareos.org/view.php?id=847"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14610",
"datePublished": "2017-09-20T18:00:00Z",
"dateReserved": "2017-09-20T00:00:00Z",
"dateUpdated": "2024-09-16T17:32:56.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2022-24756
Vulnerability from fkie_nvd - Published: 2022-03-15 15:15 - Updated: 2024-11-21 06:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B87F6ED-504F-444D-B73F-FB992F85BE8C",
"versionEndExcluding": "19.2.12",
"versionStartIncluding": "18.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A73A54-46B9-44DD-A72B-3C7079A1C3DA",
"versionEndExcluding": "20.0.6",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8107656-119B-4C4F-8365-CB1B79CE3233",
"versionEndExcluding": "21.1.0",
"versionStartIncluding": "21.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround."
},
{
"lang": "es",
"value": "Bareos es un software de c\u00f3digo abierto para la realizaci\u00f3n de copias de seguridad, archivo y recuperaci\u00f3n de datos para sistemas operativos. Cuando Bareos Director versiones posteriores a 18.2 incluy\u00e9ndola, pero anteriores a 21.1.0, 20.0.6, y 19.2.12, es construido y configurado para la autenticaci\u00f3n PAM, una autenticaci\u00f3n PAM fallida filtrar\u00e1 una peque\u00f1a cantidad de memoria. Un atacante que sea capaz de usar la consola PAM (es decir, conociendo el secreto compartido o por medio de la WebUI) puede inundar el Director con intentos fallidos de inicio de sesi\u00f3n, lo que finalmente conllevar\u00e1 a una condici\u00f3n de falta de memoria en la que Director dejar\u00e1 de funcionar. Bareos Director versiones 21.1.0, 20.0.6 y 19.2.12, contienen una correcci\u00f3n de errores para este problema. Los usuarios que no puedan actualizar pueden deshabilitar la autenticaci\u00f3n PAM Como medida de mitigaci\u00f3n"
}
],
"id": "CVE-2022-24756",
"lastModified": "2024-11-21T06:51:01.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T15:15:08.437",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-24755
Vulnerability from fkie_nvd - Published: 2022-03-15 15:15 - Updated: 2024-11-21 06:51
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B87F6ED-504F-444D-B73F-FB992F85BE8C",
"versionEndExcluding": "19.2.12",
"versionStartIncluding": "18.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7A73A54-46B9-44DD-A72B-3C7079A1C3DA",
"versionEndExcluding": "20.0.6",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8107656-119B-4C4F-8365-CB1B79CE3233",
"versionEndExcluding": "21.1.0",
"versionStartIncluding": "21.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized."
},
{
"lang": "es",
"value": "Bareos es un software de c\u00f3digo abierto para realizar copias de seguridad, archivar y recuperar datos de sistemas operativos. Cuando Bareos Director versiones posteriores a 18.2 incluy\u00e9ndola, pero anteriores a 21.1.0, 20.0.6 y 19.2.12, es construido y configurado para la autenticaci\u00f3n PAM, omitir\u00e1 completamente las comprobaciones de autorizaci\u00f3n. Las cuentas caducadas y las cuentas con contrase\u00f1as caducadas pueden seguir iniciando sesi\u00f3n. Este problema afectar\u00e1 a usuarios que tengan habilitado PAM. Actualmente no se presenta autorizaci\u00f3n (por ejemplo, comprobar si se presentan cuentas caducadas o deshabilitadas), sino s\u00f3lo autenticaci\u00f3n simple (es decir, comprobar si el nombre de usuario y la contrase\u00f1a coinciden). Bareos Director versiones 21.1.0, 20.0.6 y 19.2.12, implementan la comprobaci\u00f3n de autorizaci\u00f3n que antes no se presentaba. La \u00fanica medida de mitigaci\u00f3n es asegurarse de que la autenticaci\u00f3n falle si el usuario no est\u00e1 autorizado"
}
],
"id": "CVE-2022-24755",
"lastModified": "2024-11-21T06:51:01.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T15:15:08.273",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/pull/1121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-4042
Vulnerability from fkie_nvd - Published: 2020-07-10 20:15 - Updated: 2024-11-21 05:32
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://bugs.bareos.org/view.php?id=1250 | Vendor Advisory | |
| security-advisories@github.com | https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.bareos.org/view.php?id=1250 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752 | Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6ACBB8-09C5-4BDD-845B-051727FD81B6",
"versionEndIncluding": "19.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:19.2.8:pre:*:*:*:*:*:*",
"matchCriteriaId": "DE235835-E998-4959-8C84-34D5DB4C8424",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director\u0027s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8."
},
{
"lang": "es",
"value": "Bareos versiones anteriores a 19.2.8 y anteriores, permite a un cliente malicioso comunicarse con el director sin conocer el secreto compartido si el director permite la conexi\u00f3n iniciada por el cliente y conecta con el cliente mismo. El cliente malicioso puede reproducir el desaf\u00edo cram-md5 del director de Bareos al director mismo, conduciendo al director a responder al desaf\u00edo reproducido. La respuesta obtenida es entonces una respuesta v\u00e1lida al desaf\u00edo original de los directores. Esto es corregido en la versi\u00f3n 19.2.8"
}
],
"id": "CVE-2020-4042",
"lastModified": "2024-11-21T05:32:12.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-10T20:15:11.250",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.bareos.org/view.php?id=1250"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.bareos.org/view.php?id=1250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11061
Vulnerability from fkie_nvd - Published: 2020-07-10 20:15 - Updated: 2024-11-21 04:56
Severity ?
6.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Summary
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://bugs.bareos.org/view.php?id=1210 | Vendor Advisory | |
| security-advisories@github.com | https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4 | Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.bareos.org/view.php?id=1210 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72B0B3A9-13BA-4BD3-A83B-57FAC6142D58",
"versionEndIncluding": "16.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2202616-3D50-475B-B7E9-8462D86415CD",
"versionEndIncluding": "17.2.9",
"versionStartIncluding": "17.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DFB7AE-7974-4DBD-BABE-377482CF843F",
"versionEndIncluding": "18.2.8",
"versionStartIncluding": "18.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67497866-DA6E-4077-8C53-EF6D7B442B6A",
"versionEndIncluding": "19.2.7",
"versionStartIncluding": "18.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:18.2.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "158CA481-DC00-4AC1-8A4E-6E256D6065A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bareos:bareos:18.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "84D7C5FC-7EB3-406E-941C-A7F4C5569117",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director\u0027s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10."
},
{
"lang": "es",
"value": "En Bareos Director versiones menores o iguales a 16.2.10, 17.2.9, 18.2.8 y 19.2.7, un desbordamiento de la pila permite a un cliente malicioso corromper la memoria de director por medio de cadenas de resumen de gran tama\u00f1o enviadas durante la inicializaci\u00f3n de un trabajo de verificaci\u00f3n. Deshabilitar los trabajos de verificaci\u00f3n mitiga el problema. Este problema tambi\u00e9n est\u00e1 parcheado en Bareos versiones 19.2.8, 18.2.9 y 17.2.10"
}
],
"id": "CVE-2020-11061",
"lastModified": "2024-11-21T04:56:42.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-10T20:15:11.157",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.bareos.org/view.php?id=1210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-14610
Vulnerability from fkie_nvd - Published: 2017-09-20 18:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bugs.bareos.org/view.php?id=847 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.bareos.org/view.php?id=847 | Issue Tracking, Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88D2372E-F2FB-48E9-A1C6-1355ED75DC25",
"versionEndIncluding": "16.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command."
},
{
"lang": "es",
"value": "bareos-dir, bareos-fd y bareos-sd en bareos-core en Bareos 16.2.6 y anteriores crea un archivo PID tras eliminar privilegios a una cuenta no root, lo que podr\u00eda permitir que usuarios locales terminen procesos arbitrarios aprovechando el acceso a esta cuenta no root para modificar archivos PID antes de que un script root ejecute un comando \"kill `cat /pathname`\"."
}
],
"id": "CVE-2017-14610",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-20T18:29:01.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://bugs.bareos.org/view.php?id=847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://bugs.bareos.org/view.php?id=847"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}