Описание
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.2.8-5ubuntu1 |
| edgy | ignored | end of life, was needed |
| feisty | ignored | end of life, was needed |
| gutsy | ignored | end of life, was needed |
| hardy | released | 2.2.8-5ubuntu1 |
| intrepid | released | 2.2.8-5ubuntu1 |
| jaunty | released | 2.2.8-5ubuntu1 |
| karmic | released | 2.2.8-5ubuntu1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
2.1 Low
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MyS ...
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
2.1 Low
CVSS2
5.5 Medium
CVSS3