CVE-2007-4656

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
Configurations

Configuration 1 (hide)

cpe:2.3:a:backup_manager:backup_manager:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:36

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392 - () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392 -
References () http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173 - () http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173 -
References () http://osvdb.org/37444 - () http://osvdb.org/37444 -
References () http://secunia.com/advisories/26657 - Patch, Vendor Advisory () http://secunia.com/advisories/26657 - Patch, Vendor Advisory
References () http://secunia.com/advisories/29377 - () http://secunia.com/advisories/29377 -
References () http://www.debian.org/security/2008/dsa-1518 - () http://www.debian.org/security/2008/dsa-1518 -
References () http://www.securityfocus.com/bid/25503 - () http://www.securityfocus.com/bid/25503 -
References () http://www.securitytracker.com/id?1018639 - () http://www.securitytracker.com/id?1018639 -
References () http://www2.backup-manager.org/Release063 - Patch () http://www2.backup-manager.org/Release063 - Patch

Information

Published : 2007-09-04 22:17

Updated : 2024-11-21 00:36


NVD link : CVE-2007-4656

Mitre link : CVE-2007-4656

CVE.ORG link : CVE-2007-4656


JSON object : View

Products Affected

backup_manager

  • backup_manager
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-255

Credentials Management Errors

CWE-310

Cryptographic Issues