make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
References
Link | Resource |
---|---|
http://bugs.bacula.org/view.php?id=990 | Permissions Required Vendor Advisory |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809 | Mailing List Issue Tracking Third Party Advisory |
http://osvdb.org/41861 | Broken Link |
http://secunia.com/advisories/27243 | Broken Link Third Party Advisory |
http://secunia.com/advisories/31184 | Broken Link Third Party Advisory |
http://security.gentoo.org/glsa/glsa-200807-10.xml | Third Party Advisory |
http://www.securityfocus.com/bid/26156 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2007/3572 | Broken Link Permissions Required Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/37336 | Third Party Advisory VDB Entry |
Configurations
History
25 Jan 2024, 21:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CWE | CWE-319 | |
References | (VUPEN) http://www.vupen.com/english/advisories/2007/3572 - Broken Link, Permissions Required, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/27243 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31184 - Broken Link, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/26156 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://bugs.bacula.org/view.php?id=990 - Permissions Required, Vendor Advisory |
Information
Published : 2007-10-23 16:46
Updated : 2024-02-04 17:13
NVD link : CVE-2007-5626
Mitre link : CVE-2007-5626
CVE.ORG link : CVE-2007-5626
JSON object : View
Products Affected
bacula
- bacula
CWE
CWE-319
Cleartext Transmission of Sensitive Information