dspam: insecure password
| Package(s): | dspam | CVE #(s): | CVE-2007-6418 | ||||
| Created: | February 22, 2008 | Updated: | February 27, 2008 | ||||
| Description: | From the Debian advisory: Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line when using the MySQL backend. This allowed a local attacker to read the contents of the dspam database, such as emails. | ||||||
| Alerts: |
| ||||||