*** This bug is a security vulnerability ***
Private security bug reported:
During installation bacula creates /etc/bacula/common_default_passwords and
uses this passwords in /etc/bacula/bacula-{sd,fd,dir}.conf files.
However DIRPASSWD from common_default_passwords does not match one in
bacula-dir.conf, instead hardcoded value is used.
I installed bacula on 2 different systems and in both cases passwords in
common_default_passwords were random and unique but bacula-dir.conf "Director"
password was the same on both systems.
Ubuntu 12.04.2 LTS
bacula:
Installed: 5.2.5-0ubuntu6.2
Candidate: 5.2.5-0ubuntu6.2
Version table:
*** 5.2.5-0ubuntu6.2 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64
Packages
100 /var/lib/dpkg/status
5.2.5-0ubuntu6 0
500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
** Affects: bacula (Ubuntu)
Importance: Undecided
Status: New
** Tags: precise
** Information type changed from Public to Private Security
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bacula in Ubuntu.
https://bugs.launchpad.net/bugs/1197018
Title:
bacula-dir.conf does not use random password
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bacula/+bug/1197018/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
