Ubuntu
backup-manager package

[backup-manager] [CVE-2007-4656] information disclosure

Bug #203454 reported by disabled.user on 2008-03-18

254

Affects		Status	Importance	Assigned to	Milestone
	backup-manager (Debian)	Fix Released	Unknown	debbugs #439392
	backup-manager (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: backup-manager

References:
DSA-1518-1 (http://www.debian.org/security/2008/dsa-1518)

Quoting:
"Micha Lenk discovered that backup-manager, a command-line backup tool,
sends the password as a command line argument when calling a FTP client,
which may allow a local attacker to read this password (which provides
access to all backed-up files) from the process listing."

CVE References

2007-4656

Bug Watch Updater (bug-watch-updater) on 2008-03-18

Changed in backup-manager:
status:	Unknown → Fix Released

William Grant (wgrant) on 2008-03-22

Changed in backup-manager:
status:	New → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #439392
[done critical security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntubackup-manager package