CVE-2007-4656

Sažetak

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392
http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173
http://osvdb.org/37444
http://secunia.com/advisories/26657
http://secunia.com/advisories/29377
http://www.debian.org/security/2008/dsa-1518
http://www.securityfocus.com/bid/25503
http://www.securitytracker.com/id?1018639
http://www2.backup-manager.org/Release063

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-08-2013 - 05:37

Objavljeno

04-09-2007 - 22:17