PT-2022-16858 · Unknown · Bareos Director

Author: Arogge · Published 2022-03-15 · Updated 2022-03-24 · CVE-2022-24756

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Bareos Director versions from 18.2 up to, but not including, 21.1.0, 20.0.6 and 19.2.12:
- Bareos Director versions prior to 19.2.12
- Bareos Director versions prior to 20.0.6
- Bareos Director versions prior to 21.1.0

Description

Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director is built and configured for PAM authentication, a failed PAM authentication leaks a small amount of memory. An attacker who is able to use the PAM Console can flood the Director with failing login attempts, which will eventually lead to an out-of-memory condition in which the Director no longer works.

Recommendations

- For Bareos Director versions prior to 19.2.12, upgrade to version 19.2.12 or later.
- For Bareos Director versions prior to 20.0.6, upgrade to version 20.0.6 or later.
- For Bareos Director versions prior to 21.1.0, upgrade to version 21.1.0 or later.

As a temporary workaround, consider disabling PAM authentication until a patch is available.

Tags: Exploit · Fix · Memory Leak


Weakness Enumeration

Related Identifiers

CVE-2022-24756
GHSA-JH55-4WGW-XC9J

Affected Products

Bareos Director