This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200807-10
(Bacula: Information disclosure)
Matthijs Kooijman reported that the 'make_catalog_backup' script uses
the MySQL password as a command line argument when invoking other
A local attacker could list the processes on the local machine when the
script is running to obtain the MySQL password. Note: The password
could also be disclosed via network sniffing attacks when the script
fails, in which case it would be sent via cleartext e-mail.
There is no known workaround at this time.
See also :
A warning about this issue has been added in version 2.4.1, but the
issue is still unfixed. We advise not to use the make_catalog_backup
script, but to put all MySQL parameters into a dedicated file readable
only by the user running Bacula.
Risk factor :
Low / CVSS Base Score : 2.1
Family: Gentoo Local Security Checks
Nessus Plugin ID: 33556 (gentoo_GLSA-200807-10.nasl)
CVE ID: CVE-2007-5626
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.