Vulnerability Description
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Backup Manager | Backup Manager | <= 0.6.2 |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392
- http://bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=173
- http://osvdb.org/37444
- http://secunia.com/advisories/26657 (Patch, Vendor Advisory)
- http://secunia.com/advisories/29377
- http://www.debian.org/security/2008/dsa-1518
- http://www.securityfocus.com/bid/25503
- http://www.securitytracker.com/id?1018639
- http://www2.backup-manager.org/Release063Patch
FAQ
What is CVE-2007-4656?
CVE-2007-4656 is a vulnerability with a CVSS score of 2.1 (LOW). backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain...
How severe is CVE-2007-4656?
CVE-2007-4656 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4656?
Check the references section above for vendor advisories and patch information. Affected products include: Backup Manager (vendor: Backup Manager).