Description
FTP backend for Duplicity Discloses Passwords to Process Listing
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
References
- https://nvd.nist.gov/vuln/detail/CVE-2007-5201
- https://bugzilla.redhat.com/show_bug.cgi?id=293081
- https://web.archive.org/web/20080118045107/https://duplicity.nongnu.org/CHANGELOG
- https://web.archive.org/web/20200228164800/http://www.securityfocus.com/bid/27771
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00356.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00445.html
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840
Packages
- duplicity: affected versions < 0.4.9, fixed in 0.4.9