
CVE-2007-4656

Published: 04/09/2007 Updated: 28/08/2013
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

backup-manager-upload in Backup Manager prior to 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
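An added example (not code from Backup Manager or from the advisory): a defender-side audit that parses NUL-separated `/proc/<pid>/cmdline` buffers and reports arguments that carry credentials, which is the exposure described above. The helper name `ftp-upload-helper`, the flag names and the sample buffers are constructed assumptions.

```python
import os
import re

# Option names treated as credential-bearing (assumed for this example; the
# advisory does not list the flags the affected script used).
SECRET_FLAGS = {"--password", "--passwd", "--pass"}
URL_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/:@\s]+:[^/@\s]+@", re.I)

# Constructed cmdline buffers (NUL-separated argv), not real captures.
SAMPLES = {
    "flag=value": b"ftp-upload-helper\0--host=ftp.example.org\0--user=backup\0--password=s3cr3t\0",
    "flag value": b"ftp-upload-helper\0--user\0backup\0--password\0s3cr3t\0",
    "url": b"ftpclient\0ftp://backup:s3cr3t@ftp.example.org/archives/\0",
    "hardened": b"ftp-upload-helper\0--host=ftp.example.org\0--password-file=/etc/uploader/ftp.pass\0",
}


def parse_cmdline(raw):
    """Split a NUL-separated cmdline buffer into argv strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def exposed_secrets(argv):
    """Return (argv index, reason) per secret-bearing argument, never the value."""
    hits = []
    for i, arg in enumerate(argv):
        flag, sep, value = arg.partition("=")
        if flag in SECRET_FLAGS and sep and value:
            hits.append((i, f"{flag}=<value>"))
        elif arg in SECRET_FLAGS and i + 1 < len(argv):
            hits.append((i + 1, f"value after {arg}"))
        elif URL_CRED.match(arg):
            hits.append((i, "password embedded in URL"))
    return hits


def scan_proc(proc_root="/proc"):
    """Audit live processes on Linux: yield (pid, argv[0], hits)."""
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, pid, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:
            continue  # process exited or its cmdline is not readable
        hits = exposed_secrets(argv)
        if hits:
            yield int(pid), argv[0], hits
```

The "hardened" sample passes only a path to a credentials file, so nothing secret appears in the argument vector that other local users can read.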

Vulnerable Product

backup manager backup manager

Vendor Advisories

Debian Bug report logs - #439392
backup-manager: password disclosure in backup uploads
Package: backup-manager
Maintainer for backup-manager is Maximiliano Curia <maxy@debian.org>
Source for backup-manager is src:backup-manager
Reported by: Micha Lenk <micha@lenk.info>
Date: Fri, 24 Aug 2007 1 ...

Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling an FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing. For the old stable distribution (sarge), this problem has been fixed in versio ...