Cybertrion Systems

[2/5] Backup Manager Information Disclosure Security Issue

August 31st, 2007 by

Micha Lenk has reported a security issue in Backup Manager, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused by the host, username, and password used to connect to a remote FTP server being shown in the process list. This can be exploited to gain unauthorized FTP access to the remote backup server.

The security issue is reported in versions prior to 0.6.3.

Solution:
Update to version 0.6.3.
http://www2.backup-manager.org/Release063

Provided and/or discovered by:
Micha Lenk

Original Advisory:
Backup Manager:
http://www2.backup-manager.org/Release063

Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439392

Original post by Pankaj
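
An audit for the class of exposure described above, credentials visible in process arguments, written as an added example; it is not code from the advisory or from Backup Manager. It reads /proc on Linux, reports findings with the secret masked, and assumes a heuristic list of option names; "upload-helper" and the sample command lines are constructed.

```python
import re
from pathlib import Path

# scheme://user:secret@host, e.g. an FTP URL carrying the login inline
URL_CREDS = re.compile(r"^[a-z][a-z0-9+.-]*://[^:/@\s]+:(?P<secret>[^@\s]+)@", re.I)
# Option names that usually carry a secret (heuristic list, an assumption)
SECRET_OPT = re.compile(
    r"^--?(?:[\w-]*[-_])?(?:pass(?:word|wd)?|secret|token)(?:=(?P<val>.+))?$", re.I)

def audit_argv(argv):
    """Return [(index, redacted_arg)] for arguments that expose a secret."""
    findings, i = [], 0
    while i < len(argv):
        arg = argv[i]
        url, opt = URL_CREDS.match(arg), SECRET_OPT.match(arg)
        if url:
            s, e = url.span("secret")
            findings.append((i, arg[:s] + "***" + arg[e:]))
        elif opt and opt.group("val"):
            findings.append((i, arg[:opt.start("val")] + "***"))
        elif opt and i + 1 < len(argv):
            i += 1  # secret is the next argument
            findings.append((i, "***"))
        i += 1
    return findings

def audit_host(proc=Path("/proc")):
    # Audit every process whose cmdline the current user can read under `proc`.
    report = {}
    for entry in proc.iterdir():
        if not entry.name.isdigit():
            continue
        try:
            raw = (entry / "cmdline").read_bytes()
        except OSError:
            continue  # process exited or is hidden from this user
        hits = audit_argv([a.decode(errors="replace") for a in raw.split(b"\0") if a])
        if hits:
            report[int(entry.name)] = hits
    return report

# Constructed samples; "upload-helper" is a hypothetical tool name.
EXPOSED_OPT = ["upload-helper", "--host", "backup.example.org",
               "--user", "backup", "--password", "s3cr3t"]
EXPOSED_URL = ["curl", "-T", "a.tar.gz", "ftp://backup:s3cr3t@backup.example.org/"]
HARDENED = ["curl", "--netrc-file", "/root/.netrc", "-T", "a.tar.gz", "ftp://backup.example.org/"]
if __name__ == "__main__":
    for pid, hits in sorted(audit_host().items()):
        print(pid, hits)
```

Running it as an unprivileged account shows what any local user can read; the hardened sample passes because the login lives in a file rather than in the argument list.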
