Hello Dan,
Thanks for the notification.
I am not sure who submitted this, but it is clear that they just
looked at the release notes and made some assumptions which
are not true.
Users were not required to be "malicious" to view resource records
in versions prior to 5.2.11, and no one had to "bypass security
restrictions" because there were no security restrictions.
Best regards,
Kern
On 09/18/2012 04:05 AM, Dan Langille wrote:
FYI:
"A security issue has been reported in Bacula, which can be exploited
by malicious users to bypass certain security restrictions.
The security issue is caused due to an error within the implementation
of console ACLs, which can be exploited to gain access to certain
restricted functionality and e.g. dump resources."
http://www.vuxml.org/freebsd/143f6932-fedb-11e1-ad4a-003067b2972c.html
Sent from my iPad
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel