Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.6
CVE Id CVE-2007-5201
Last Modified 23 Dec 2008 12:00:00
Published 04 Oct 2007 01:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5201

Summary

The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.

Vulnerable Systems

Application

  • Duplicity 0.1.0

  • Duplicity 0.1.1

  • Duplicity 0.2.0

  • Duplicity 0.2.1

  • Duplicity 0.3.0

  • Duplicity 0.3.1

  • Duplicity 0.4.0

  • Duplicity 0.4.1

  • Duplicity 0.4.2

  • Duplicity 0.4.3

  • Duplicity 0.4.4

  • Duplicity 0.4.5

  • Duplicity 0.4.6

  • Duplicity 0.4.7

  • Duplicity 0.4.8


References

FEDORA - FEDORA-2008-1584

FEDORA - FEDORA-2008-1521

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=293081

BID - 27771

SECUNIA - 28917

OSVDB - 42339

CONFIRM - http://duplicity.nongnu.org/CHANGELOG

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840


Last Updated: 27 May 2016 10:46:06