CVE-2007-0627

Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://freshmeat.net/projects/gtalkbot/?branch_id=67830&release_id=245004
http://www.stillhq.com/gtalkbot/
http://www.securityfocus.com/bid/22322
http://secunia.com/advisories/23942
http://osvdb.org/33071
http://www.stillhq.com/gtalkbot/000003.html
http://www.vupen.com/english/advisories/2007/0408
https://exchange.xforce.ibmcloud.com/vulnerabilities/31923

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:michael_still:gtalkbot:*:*:*:*:*:*:*:*

Information

Published : 2007-01-31 10:28

Updated : 2017-07-28 18:30

NVD link : CVE-2007-0627

Mitre link : CVE-2007-0627

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

michael_still

gtalkbot

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://freshmeat.net/projects/gtalkbot/?branch_id=67830&release_id=245004", "name": "http://freshmeat.net/projects/gtalkbot/?branch_id=67830&release_id=245004", "tags": [], "refsource": "MISC"}, {"url": "http://www.stillhq.com/gtalkbot/", "name": "http://www.stillhq.com/gtalkbot/", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/22322", "name": "22322", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/23942", "name": "23942", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/33071", "name": "33071", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.stillhq.com/gtalkbot/000003.html", "name": "http://www.stillhq.com/gtalkbot/000003.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2007/0408", "name": "ADV-2007-0408", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31923", "name": "gtalkbot-ps-information-disclosure(31923)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0627", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-01-31T18:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:michael_still:gtalkbot:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:30Z"}