make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
References
Configurations
History
21 Nov 2024, 00:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.bacula.org/view.php?id=990 - Permissions Required, Vendor Advisory | |
References | () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809 - Issue Tracking, Mailing List, Third Party Advisory | |
References | () http://osvdb.org/41861 - Broken Link | |
References | () http://secunia.com/advisories/27243 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/31184 - Broken Link, Third Party Advisory | |
References | () http://security.gentoo.org/glsa/glsa-200807-10.xml - Third Party Advisory | |
References | () http://www.securityfocus.com/bid/26156 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2007/3572 - Broken Link, Permissions Required, Third Party Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/37336 - Third Party Advisory, VDB Entry |
25 Jan 2024, 21:00
Type | Values Removed | Values Added |
---|---|---|
References | (VUPEN) http://www.vupen.com/english/advisories/2007/3572 - Broken Link, Permissions Required, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/27243 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31184 - Broken Link, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/26156 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://bugs.bacula.org/view.php?id=990 - Permissions Required, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CWE | CWE-319 |
Information
Published : 2007-10-23 16:46
Updated : 2024-11-21 00:38
NVD link : CVE-2007-5626
Mitre link : CVE-2007-5626
CVE.ORG link : CVE-2007-5626
JSON object : View
Products Affected
bacula
- bacula
CWE
CWE-319
Cleartext Transmission of Sensitive Information