Impact
When Bareos Director >= 18.2 is build and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore.
Patches
Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. All users using a PAM Console in Bareos Director should immediately upgrade to one of these versions and check that their PAM configuration works as desired.
Please note that the upgrade may break a currently working PAM configuration! See the updated documentation on how to fix this.
Workarounds
- disable PAM authentication
References
For more information
If you have any questions or comments about this advisory:
ysf Analyst
Impact
When Bareos Director >= 18.2 is build and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore.
Patches
Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. All users using a PAM Console in Bareos Director should immediately upgrade to one of these versions and check that their PAM configuration works as desired.
Please note that the upgrade may break a currently working PAM configuration! See the updated documentation on how to fix this.
Workarounds
References
For more information
If you have any questions or comments about this advisory: