Download
| Alert*
|
oval:org.secpod.oval:def:605162
bareos is installed oval:org.secpod.oval:def:603884 bareos is installed oval:org.secpod.oval:def:2004228 Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director"s cram-md5 challenge to ... oval:org.secpod.oval:def:2000502 bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script e ... |
