CVE-2007-5626

make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.

Data is provided by the National Vulnerability Database (NVD)
Bacula Bacula Version <= 2.2.5
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.03% | 0.063 |
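CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd@nist.gov | 2.1 | 3.9 | 2.9 | AV:L/AC:L/Au:N/C:P/I:N/A:N |
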
CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

http://bugs.bacula.org/view.php?id=990 (Vendor Advisory, Permissions Required)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809 (Third Party Advisory, Mailing List, Issue Tracking)
http://secunia.com/advisories/27243 (Third Party Advisory, Broken Link)
http://secunia.com/advisories/31184 (Third Party Advisory, Broken Link)
http://www.securityfocus.com/bid/26156 (Third Party Advisory, Broken Link, VDB Entry)
http://www.vupen.com/english/advisories/2007/3572 (Third Party Advisory, Broken Link, Permissions Required)