CVE-2007-0627

Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://freshmeat.net/projects/gtalkbot/?branch_id=67830&release_id=245004
http://osvdb.org/33071
http://secunia.com/advisories/23942
http://www.securityfocus.com/bid/22322
http://www.stillhq.com/gtalkbot/
http://www.stillhq.com/gtalkbot/000003.html
http://www.vupen.com/english/advisories/2007/0408
https://exchange.xforce.ibmcloud.com/vulnerabilities/31923

Configurations

Configuration 1 (hide)

cpe:2.3:a:michael_still:gtalkbot:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-01-31 18:28

Updated : 2024-02-04 17:13

NVD link : CVE-2007-0627

Mitre link : CVE-2007-0627

CVE.ORG link : CVE-2007-0627

JSON object : View

Products Affected

michael_still

gtalkbot

CWE

NVD-CWE-Other

{"id": "CVE-2007-0627", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-31T18:28:00.000", "references": [{"url": "http://freshmeat.net/projects/gtalkbot/?branch_id=67830&release_id=245004", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33071", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23942", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22322", "source": "cve@mitre.org"}, {"url": "http://www.stillhq.com/gtalkbot/", "source": "cve@mitre.org"}, {"url": "http://www.stillhq.com/gtalkbot/000003.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0408", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31923", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process."}, {"lang": "es", "value": "Michael Still gtalkbot anterior a la 1.2 establece los argumentos de nombre de usuario (username) y contrase\u00f1a (password) en la l\u00ednea de comando, lo que permite a usuarios locales obtener informaci\u00f3n sensible listando el proceso."}], "lastModified": "2017-07-29T01:30:18.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:michael_still:gtalkbot:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD099011-3581-4454-BD4A-0B5494CE9CF3", "versionEndIncluding": "1.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}