Vulnerability Details CVE-2007-5626
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.2%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
- http://bugs.bacula.org/view.php?id=990
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809
- http://osvdb.org/41861
- http://secunia.com/advisories/27243
- http://secunia.com/advisories/31184
- http://security.gentoo.org/glsa/glsa-200807-10.xml
- http://www.securityfocus.com/bid/26156
- http://www.vupen.com/english/advisories/2007/3572
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37336
- http://bugs.bacula.org/view.php?id=990
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809
- http://osvdb.org/41861
- http://secunia.com/advisories/27243
- http://secunia.com/advisories/31184
- http://security.gentoo.org/glsa/glsa-200807-10.xml
- http://www.securityfocus.com/bid/26156
- http://www.vupen.com/english/advisories/2007/3572
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37336
Products affected by CVE-2007-5626
-
cpe:2.3:a:bacula:bacula:1.19a
-
cpe:2.3:a:bacula:bacula:1.19b
-
cpe:2.3:a:bacula:bacula:1.20
-
cpe:2.3:a:bacula:bacula:1.21
-
cpe:2.3:a:bacula:bacula:1.22
-
cpe:2.3:a:bacula:bacula:1.23
-
cpe:2.3:a:bacula:bacula:1.23a
-
cpe:2.3:a:bacula:bacula:1.24
-
cpe:2.3:a:bacula:bacula:1.25
-
cpe:2.3:a:bacula:bacula:1.25a
-
cpe:2.3:a:bacula:bacula:1.26
-
cpe:2.3:a:bacula:bacula:1.27
-
cpe:2.3:a:bacula:bacula:1.27a
-
cpe:2.3:a:bacula:bacula:1.27b
-
cpe:2.3:a:bacula:bacula:1.27c
-
cpe:2.3:a:bacula:bacula:1.28
-
cpe:2.3:a:bacula:bacula:1.29
-
cpe:2.3:a:bacula:bacula:1.30
-
cpe:2.3:a:bacula:bacula:1.31
-
cpe:2.3:a:bacula:bacula:1.31a
-
cpe:2.3:a:bacula:bacula:1.32
-
cpe:2.3:a:bacula:bacula:1.32a
-
cpe:2.3:a:bacula:bacula:1.32b
-
cpe:2.3:a:bacula:bacula:1.32c
-
cpe:2.3:a:bacula:bacula:1.32d
-
cpe:2.3:a:bacula:bacula:1.32e
-
cpe:2.3:a:bacula:bacula:1.32f
-
cpe:2.3:a:bacula:bacula:1.32f-2
-
cpe:2.3:a:bacula:bacula:1.32f-3
-
cpe:2.3:a:bacula:bacula:1.32f-4
-
cpe:2.3:a:bacula:bacula:1.32f-5
-
cpe:2.3:a:bacula:bacula:1.34.0
-
cpe:2.3:a:bacula:bacula:1.34.1
-
cpe:2.3:a:bacula:bacula:1.34.3
-
cpe:2.3:a:bacula:bacula:1.34.4
-
cpe:2.3:a:bacula:bacula:1.34.5
-
cpe:2.3:a:bacula:bacula:1.34.6
-
cpe:2.3:a:bacula:bacula:1.35.1
-
cpe:2.3:a:bacula:bacula:1.35.2
-
cpe:2.3:a:bacula:bacula:1.35.3
-
cpe:2.3:a:bacula:bacula:1.35.6
-
cpe:2.3:a:bacula:bacula:1.35.7
-
cpe:2.3:a:bacula:bacula:1.35.8
-
cpe:2.3:a:bacula:bacula:1.36.0
-
cpe:2.3:a:bacula:bacula:1.36.1
-
cpe:2.3:a:bacula:bacula:1.36.2
-
cpe:2.3:a:bacula:bacula:1.36.3
-
cpe:2.3:a:bacula:bacula:1.38.0
-
cpe:2.3:a:bacula:bacula:1.38.1
-
cpe:2.3:a:bacula:bacula:1.38.10
-
cpe:2.3:a:bacula:bacula:1.38.11
-
cpe:2.3:a:bacula:bacula:1.38.2
-
cpe:2.3:a:bacula:bacula:1.38.3
-
cpe:2.3:a:bacula:bacula:1.38.4
-
cpe:2.3:a:bacula:bacula:1.38.5
-
cpe:2.3:a:bacula:bacula:1.38.6
-
cpe:2.3:a:bacula:bacula:1.38.7
-
cpe:2.3:a:bacula:bacula:1.38.8
-
cpe:2.3:a:bacula:bacula:1.38.9
-
cpe:2.3:a:bacula:bacula:2.0.0
-
cpe:2.3:a:bacula:bacula:2.0.1
-
cpe:2.3:a:bacula:bacula:2.0.2
-
cpe:2.3:a:bacula:bacula:2.0.3
-
cpe:2.3:a:bacula:bacula:2.2.0
-
cpe:2.3:a:bacula:bacula:2.2.1
-
cpe:2.3:a:bacula:bacula:2.2.2
-
cpe:2.3:a:bacula:bacula:2.2.3
-
cpe:2.3:a:bacula:bacula:2.2.4
-
cpe:2.3:a:bacula:bacula:2.2.5