make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
Weakness
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Bacula | Bacula | * | 2.2.5 (including) |
| Bacula | Ubuntu | devel | * |
| Bacula | Ubuntu | edgy | * |
| Bacula | Ubuntu | feisty | * |
| Bacula | Ubuntu | gutsy | * |
| Bacula | Ubuntu | hardy | * |
| Bacula | Ubuntu | intrepid | * |
| Bacula | Ubuntu | jaunty | * |
| Bacula | Ubuntu | karmic | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/117.html
- https://cwe.mitre.org/data/definitions/383.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/65.html
References
- http://bugs.bacula.org/view.php?id=990
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809
- http://osvdb.org/41861
- http://secunia.com/advisories/27243
- http://secunia.com/advisories/31184
- http://security.gentoo.org/glsa/glsa-200807-10.xml
- http://www.securityfocus.com/bid/26156
- http://www.vupen.com/english/advisories/2007/3572
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37336
- http://bugs.bacula.org/view.php?id=990
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809
- http://osvdb.org/41861
- http://secunia.com/advisories/27243
- http://secunia.com/advisories/31184
- http://security.gentoo.org/glsa/glsa-200807-10.xml
- http://www.securityfocus.com/bid/26156
- http://www.vupen.com/english/advisories/2007/3572
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37336