Back to search
CVE-2007-5626
Published: Oct 23, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
bacula-makecatalogbackup-info-disclosure(37336)
vdb-entry
x_refsource_XF
GLSA-200807-10
vendor-advisory
x_refsource_GENTOO
http://bugs.bacula.org/view.php?id=990
x_refsource_CONFIRM
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809
x_refsource_CONFIRM
ADV-2007-3572
vdb-entry
x_refsource_VUPEN
27243
third-party-advisory
x_refsource_SECUNIA
41861
vdb-entry
x_refsource_OSVDB
26156
vdb-entry
x_refsource_BID
31184
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now