Lucene search

[email protected]CVE-2007-2766

HistoryMay 18, 2007 - 10:30 p.m.

CVE-2007-2766

2007-05-1822:30:00

CWE-255

[email protected]

web.nvd.nist.gov

backup manager

0.7.6

mysql

password

vulnerability

plaintext

command line

argument

lib/backup-methods.sh

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.

CPENameOperatorVersion
backup_manager:backup_managerbackup managerle0.7.5

CPE	Name	Operator	Version
backup_manager:backup_manager	backup manager	le	0.7.5

References

bugzilla.backup-manager.org/cgi-bin/show_bug.cgi?id=146

osvdb.org/34780

www.backup-manager.org/pipermail/backup-manager-commits/2007-January/000212.html

www.vupen.com/english/advisories/2007/2412

www2.backup-manager.org/Release076

exchange.xforce.ibmcloud.com/vulnerabilities/34489

6.4 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2007-2766

prion2 debiancve2 cve1 ubuntucve1