Lucene search

[email protected]CVE-2007-5201

HistoryOct 04, 2007 - 5:17 p.m.

CVE-2007-5201

2007-10-0417:17:00

CWE-200

[email protected]

web.nvd.nist.gov

ftp

backend

duplicity

password exposure

local users

security vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.

Affected configurations

NVD

Node

duplicity_projectduplicityRange<0.4.9

CPENameOperatorVersion
duplicity_project:duplicityduplicity project duplicitylt0.4.9

CPE	Name	Operator	Version
duplicity_project:duplicity	duplicity project duplicity	lt	0.4.9

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840

duplicity.nongnu.org/CHANGELOG

osvdb.org/42339

secunia.com/advisories/28917

www.securityfocus.com/bid/27771

bugzilla.redhat.com/show_bug.cgi?id=293081

www.redhat.com/archives/fedora-package-announce/2008-February/msg00356.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00445.html

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-5201

openvas4 ubuntucve1 cvelist1 github1 fedora2 prion1 nvd1 redhatcve1 nessus2 osv1 debiancve1