Description
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| duplicity | fixed | 0.4.3-2 | | package |
| duplicity | not-affected | | etch | package |
| duplicity | not-affected | | sarge | package |
Notes
FTP is an inherently insecure protocol; any security-sensitive data would
be transferred through the scp, sftp or rsync backends.
http://lists.debian.org/debian-release/2008/01/msg00190.html
Related vulnerabilities
FTP backend for Duplicity Discloses Passwords to Process Listing