Backup Manager Discloses the Upload Site's FTP Password to Local Users
SecurityTracker Alert ID: 1018639
SecurityTracker URL: http://securitytracker.com/id?1018639
CVE Reference: CVE-2007-4656
Updated: Apr 1 2008
Original Entry Date: Aug 31 2007
Impact: Disclosure of authentication information
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): prior to 0.6.3
Description: A vulnerability was reported in Backup Manager. A local user can view certain passwords.
While an FTP upload is in progress, a local user can read the FTP username and password for the target upload site from the process list.
Micha Lenk reported this vulnerability.
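A host can be checked for this class of exposure by auditing the argument vectors that /proc publishes and reporting them with the secret masked. This is an added example, not code from the advisory or from Backup Manager; the advisory does not say how the password was passed, so the option names, the sample command line and the function names are assumptions.

```python
import re
from pathlib import Path
# scheme://user:password@host: a password embedded in a URL argument
URL_CRED = re.compile(r"^([a-z][a-z0-9+.-]*://[^/:@\s]+:)[^@/\s]+(@.*)$", re.I)
# --password=VALUE and --password VALUE forms (assumed, generic option names)
OPT_EQ = re.compile(r"^(--?(?:pass|passwd|password)=).+$", re.I)
OPT_NEXT = re.compile(r"^--?(?:pass|passwd|password)$", re.I)
MASK = "********"
# Constructed sample in /proc/<pid>/cmdline format (hypothetical uploader)
SAMPLE = b"uploader\0--put\0ftp://backup:S3cret@ftp.example.net/dumps/\0archive.tar.gz\0"

def parse_cmdline(raw: bytes) -> list:
    """Split the NUL-separated argv that /proc/<pid>/cmdline exposes."""
    parts = raw.rstrip(b"\0").split(b"\0") if raw else []
    return [p.decode("utf-8", "replace") for p in parts]

def redact_argv(argv):
    """Return (redacted argv, findings); findings hold index and reason only."""
    out, findings, secret_follows = [], [], False
    for i, arg in enumerate(argv):
        if secret_follows:
            out.append(MASK)
            findings.append((i, "value of password option"))
            secret_follows = False
        elif URL_CRED.match(arg):
            out.append(URL_CRED.sub(lambda m: m.group(1) + MASK + m.group(2), arg))
            findings.append((i, "password in URL"))
        elif OPT_EQ.match(arg):
            out.append(OPT_EQ.sub(lambda m: m.group(1) + MASK, arg))
            findings.append((i, "password in option"))
        else:
            secret_follows = bool(OPT_NEXT.match(arg))
            out.append(arg)
    return out, findings

def audit_proc(proc_root="/proc"):
    """Yield (pid, redacted argv, findings) for readable processes with a finding."""
    for entry in (p for p in Path(proc_root).iterdir() if p.name.isdigit()):
        try:
            raw = (entry / "cmdline").read_bytes()
        except OSError:  # process exited mid-scan, or access denied
            continue
        argv, findings = redact_argv(parse_cmdline(raw))
        if findings:
            yield int(entry.name), argv, findings

if __name__ == "__main__":
    print(list(audit_proc()))
```

Run it as root to cover every process; where /proc is mounted with hidepid, an unprivileged run sees only the caller's own processes.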
Impact: A local user can view FTP passwords.
Solution: The vendor has issued a fixed version (0.6.3).
The Backup Manager advisory is available at:
http://www2.backup-manager.org/Release063
Vendor URL: www2.backup-manager.org/
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any)
Message History:
None.
Source Message Contents
Date: Fri, 31 Aug 2007 11:25:49 -0400
Subject: Backup Manager
http://www2.backup-manager.org/Release063