PT-2020-12522 · Bareos+1 · Bareos Director+1
Arogge · Published 2020-07-10 · Updated 2023-01-27 · CVE-2020-11061
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Bareos Director versions prior to 16.2.11
Bareos Director versions prior to 17.2.10
Bareos Director versions prior to 18.2.9
Bareos Director versions prior to 19.2.8
Description
A heap overflow in the Bareos Director allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem.
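The bug class described above is a fixed-size heap record being filled from a peer-supplied string whose length is never compared with the buffer capacity. The following C program is an added illustration of that pattern and its fix; it is not Bareos Director code, and the names (`digest_record`, `MAX_DIGEST_LEN`, `store_digest_checked`, `digest_record_from_peer`) and the digest size limit are constructed for this example. The unchecked variant is kept only for contrast and is never called with untrusted input; the hardened variant rejects an oversized digest before any byte is copied.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound for a digest string (a hex SHA-512 is 128
 * characters). Constructed for this example; not a Bareos constant. */
#define MAX_DIGEST_LEN 128

/* Heap-allocated record that holds a digest received from a peer. */
typedef struct {
    char digest[MAX_DIGEST_LEN + 1];
    size_t len;
} digest_record;

/* Unsafe pattern of the kind the advisory describes: the record has a
 * fixed-size buffer, but the copy is driven by the sender's string
 * length, so a digest longer than MAX_DIGEST_LEN writes past the end of
 * the heap allocation. Shown for contrast only; not called below. */
void store_digest_unchecked(digest_record *rec, const char *src) {
    strcpy(rec->digest, src);   /* no bound: heap overflow if strlen(src) > MAX_DIGEST_LEN */
    rec->len = strlen(src);
}

/* Hardened form: compare the incoming length with the buffer capacity
 * first and refuse the input before any copy happens.
 * Returns 0 on success, -1 when the digest is missing or oversized
 * (the caller should then fail the job rather than continue). */
static int store_digest_checked(digest_record *rec, const char *src, size_t srclen) {
    if (src == NULL || srclen > MAX_DIGEST_LEN) {
        return -1;
    }
    memcpy(rec->digest, src, srclen);
    rec->digest[srclen] = '\0';
    rec->len = srclen;
    return 0;
}

/* Allocate a record on the heap and populate it from untrusted input.
 * Returns NULL when the input is rejected; nothing is written in that case. */
digest_record *digest_record_from_peer(const char *src, size_t srclen) {
    digest_record *rec = calloc(1, sizeof *rec);
    if (rec == NULL) {
        return NULL;
    }
    if (store_digest_checked(rec, src, srclen) != 0) {
        free(rec);
        return NULL;
    }
    return rec;
}

/* Helper: build a constructed digest of n 'f' characters and report
 * whether the hardened path accepts it (1) or rejects it (0). */
int digest_of_length_accepted(size_t n) {
    char *buf = malloc(n + 1);
    if (buf == NULL) {
        return 0;
    }
    memset(buf, 'f', n);
    buf[n] = '\0';
    digest_record *rec = digest_record_from_peer(buf, n);
    free(buf);
    if (rec == NULL) {
        return 0;
    }
    free(rec);
    return 1;
}

int main(void) {
    /* Constructed sample lengths: one within the limit, one far beyond it. */
    printf("%zu-byte digest accepted: %s\n", (size_t)MAX_DIGEST_LEN,
           digest_of_length_accepted(MAX_DIGEST_LEN) ? "yes" : "no");
    printf("%zu-byte digest accepted: %s\n", (size_t)MAX_DIGEST_LEN + 4096,
           digest_of_length_accepted(MAX_DIGEST_LEN + 4096) ? "yes" : "no");
    return 0;
}
```

The important design point is where the check sits: the length is validated against the destination's capacity before `memcpy`, and a rejected digest causes the allocation to be released and the caller to receive NULL, so a malformed client message cannot leave a partially written record behind.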
Recommendations
For Bareos Director version 16.2.10 and earlier, update to version 16.2.11 or later.
For Bareos Director version 17.2.9, update to version 17.2.10 or later.
For Bareos Director version 18.2.8, update to version 18.2.9 or later.
For Bareos Director version 19.2.7, update to version 19.2.8 or later.
As a temporary workaround, consider disabling verify jobs until a patch is available.
Fix
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Astra Linux
Bareos Director