CVE-2005-2995

Name of the Vulnerable Software and Affected Versions bacula versions 1.36.3 and earlier

Description The issue allows local users to modify or read sensitive files via symlink attacks on the temporary file used by autoconf/randpass when openssl is not available, or the mtx.[PID] temporary file in mtx-changer.in.

Recommendations For bacula versions 1.36.3 and earlier, consider restricting access to the temporary files used by autoconf/randpass and mtx-changer.in to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.