CVE-2007-5626
Gentoo Linux Security Advisory 200807-10
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
make_catalog_backup en Bacula 2.2.5, y posiblemente anteriores, envíe una contraseña MySQL como un argumento de línea de comando, y algunas veces transmite un e-mail en texto plano conteniendo esta línea de comando, lo cual permite a atacantes dependientes del contexto obtener la contraseña listando el proceso y sus argumentos, o realizando sniffing en la red.
Matthijs Kooijman reported that the make_catalog_backup script uses the MySQL password as a command line argument when invoking other programs. Versions less than 2.4.1 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-23 CVE Reserved
- 2007-10-23 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809 | Issue Tracking | |
| http://osvdb.org/41861 | Broken Link | |
| http://secunia.com/advisories/27243 | Broken Link | |
| http://secunia.com/advisories/31184 | Broken Link | |
| http://www.securityfocus.com/bid/26156 | Broken Link | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37336 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200807-10.xml | 2024-01-25 |