CVE-2020-11061 Information

Description

In Bareos Director less than or equal to 16.2.10 17.2.9 18.2.8 and 19.2.7 a heap overflow allows a malicious client to corrupt the director’s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8 18.2.9 and 17.2.10.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Reference

https://bugs.bareos.org/view.php?id=1210 https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4 https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.4