Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Release of Memory after Effective Lifetime in Bareos Director
Vulnerability Description
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
在移除最后引用时对内存的释放不恰当(内存泄露)
Vulnerability Title
Bareos 安全漏洞
Vulnerability Description
Bareos是德国Bareos公司的一套开源的数据备份存储和恢复软件。Bareos Director是Bareos的守护进程。 Bareos 存在安全漏洞,该漏洞源于受影响产品为 PAM 身份验证构建和配置时,失败的 PAM 身份验证将泄漏少量内存。
CVSS Information
N/A
Vulnerability Type
N/A