Timeline :

Vulnerabilities discovered by Eric Romang the 2005-09-06
Vendor notified the 2005-09-19
Coordinated vulnerabilities disclosure the 2005-09-20

Reference(s) :

CVE-2005-2995
OSVDB-19514

Affected version(s) :

bacula equal or under version 1.36.3

Description :

Bacula contains flaws that may allow a malicious local user to create or overwrite arbitrary files on the system.

The issue is due to scripts/mtx-changer.in creating temporary files in /tmp insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

The issue is due to /autoconf/randpass creating temporary files in /tmp insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

The issue is due to /rescue/linux/getdiskinfo creating temporary files in /tmp insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.