CVE-2007-4656

high

Description

backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.

References

http://www2.backup-manager.org/Release063

http://www.securitytracker.com/id?1018639

http://www.securityfocus.com/bid/25503

http://www.debian.org/security/2008/dsa-1518

http://secunia.com/advisories/29377

http://secunia.com/advisories/26657

http://osvdb.org/37444

http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392

Details

Source: Mitre, NVD

Published: 2007-09-04

Updated: 2013-08-28

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High