Lucene search
GoogleOSV:GHSA-WXCW-RQXC-HJ85HistoryMay 01, 2022 - 6:31 p.m.
FTP backend for Duplicity Discloses Passwords to Process Listing
2022-05-0118:31:03
Google
osv.dev
1
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=442840
bugzilla.redhat.com/show_bug.cgi?id=293081
gitlab.com/duplicity/duplicity
nvd.nist.gov/vuln/detail/CVE-2007-5201
web.archive.org/web/20080118045107/https://duplicity.nongnu.org/CHANGELOG
web.archive.org/web/20200228164800/www.securityfocus.com/bid/27771
www.redhat.com/archives/fedora-package-announce/2008-February/msg00356.html
www.redhat.com/archives/fedora-package-announce/2008-February/msg00445.html
Related
openvas
openvas
Fedora Update for duplicity FEDORA-2008-1584
2009-02-16 00:00:00
Fedora Update for duplicity FEDORA-2008-1584
2009-02-16 00:00:00
Fedora Update for duplicity FEDORA-2008-1521
2009-02-16 00:00:00
ubuntucve
ubuntucve
CVE-2007-5201
2007-10-04 00:00:00
cvelist
cvelist
CVE-2007-5201
2007-10-04 17:00:00
github
github
FTP backend for Duplicity Discloses Passwords to Process Listing
2022-05-01 18:31:03
redhatcve
redhatcve
CVE-2007-5201
2019-10-04 21:01:06
nessus
nessus
Fedora 8 : duplicity-0.4.9-1.fc8 (2008-1521)
2008-02-14 00:00:00
Fedora 7 : duplicity-0.4.9-1.fc7 (2008-1584)
2008-02-14 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: duplicity-0.4.9-1.fc8
2008-02-13 05:00:03
[SECURITY] Fedora 7 Update: duplicity-0.4.9-1.fc7
2008-02-13 05:12:35
prion
prion
Default credentials
2007-10-04 17:17:00
nvd
nvd
CVE-2007-5201
2007-10-04 17:17:00
cve
cve
CVE-2007-5201
2007-10-04 17:17:00
debiancve
debiancve
CVE-2007-5201
2007-10-04 17:17:00