Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.1
CVE Id: CVE-2007-5626
Last Modified: 07 Mar 2011 10:01:02
Published: 23 Oct 2007 12:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2007-5626

Summary

make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.

Vulnerable Systems

Application

  • Bacula Backup 2.2.5


References

VUPEN - ADV-2007-3572

GENTOO - GLSA-200807-10

SECUNIA - 31184

SECUNIA - 27243

OSVDB - 41861

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809

CONFIRM - http://bugs.bacula.org/view.php?id=990

XF - bacula-makecatalogbackup-info-disclosure(37336)

BID - 26156


Last Updated: 27 May 2016 10:46:13