RSS   Vulnerabilities for 'Bacula backup'   RSS

2007-10-23
 
CVE-2007-5626

CWE-310
 

 
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.

 

 >>> Vendor: Bacula 3 Products
Bacula
Bacula backup
Bacula-web


Copyright 2024, cxsecurity.com

 

Back to Top