CVE-2020-11061
10.07.2020, 20:15
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.Enginsight
| Vendor | Product | Version |
|---|---|---|
| bareos | bareos | 𝑥 ≤ 16.2.10 |
| bareos | bareos | 17.2.4 ≤ 𝑥 ≤ 17.2.9 |
| bareos | bareos | 18.2.5 ≤ 𝑥 ≤ 18.2.8 |
| bareos | bareos | 18.4.1 ≤ 𝑥 ≤ 19.2.7 |
| bareos | bareos | 18.2.4:rc1 |
| bareos | bareos | 18.2.4:rc2 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bacula |
| ||||||||||||||||||||||||||
| bareos |
|
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References