Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2007-4656 | First vendor Publication | 2007-09-04 |
Vendor | Cve | Last vendor Modification | 2013-08-28 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4656 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-310 | Cryptographic Issues |
33 % | CWE-255 | Credentials Management |
33 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18669 | |||
Oval ID: | oval:org.mitre.oval:def:18669 | ||
Title: | DSA-1518-1 backup-manager - information disclosure | ||
Description: | Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1518-1 CVE-2007-4656 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | backup-manager |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7673 | |||
Oval ID: | oval:org.mitre.oval:def:7673 | ||
Title: | DSA-1518 backup-manager -- programming error | ||
Description: | Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1518 CVE-2007-4656 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 3.1 | Product(s): | backup-manager |
Definition Synopsis: | |||
OpenVAS Exploits
Date | Description |
---|---|
2008-03-19 | Name : Debian Security Advisory DSA 1518-1 (backup-manager) File : nvt/deb_1518_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37444 | Backup Manager FTP Upload Password Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-03-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1518.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-04-22 01:06:53 | |
2020-05-23 01:38:42 | |
2020-05-23 00:20:23 | |
2016-06-28 16:52:44 | |
2016-04-26 16:33:19 | |
2014-02-17 10:41:32 | |
2013-08-29 13:19:39 | |
2013-05-11 10:35:21 | |