Moderate severity · NVD Advisory · Published Oct 4, 2007 · Updated Apr 23, 2026
CVE-2007-5201
Description
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.
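The exposure described above next to one way to avoid it, as an added example that is not Duplicity's own code. It assumes the `ncftpget` client with its `-u`/`-p` and `-f` options (the advisory only says `ncftp` was called with the password as an argument); the host, user, password and file names are constructed.

```python
import contextlib
import os
import stat
import tempfile

def argv_with_password(host, user, password, local_dir, remote_file):
    # Pattern from the advisory: the secret is an argv element, so it shows up
    # in the process listing for as long as the child process runs.
    return ["ncftpget", "-u", user, "-p", password, host, local_dir, remote_file]

@contextlib.contextmanager
def login_file(host, user, password):
    # mkstemp creates the file with mode 0600, owned by the caller.
    fd, path = tempfile.mkstemp(prefix="ncftp-login-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("host %s\nuser %s\npass %s\n" % (host, user, password))
        yield path
    finally:
        os.unlink(path)  # do not leave the credential on disk afterwards

def argv_with_login_file(path, local_dir, remote_file):
    # ncftpget -f reads host, user and password from the file, not from argv.
    return ["ncftpget", "-f", path, local_dir, remote_file]

def argv_leaks(argv, secret):
    # Regression check: is the secret present in any argument?
    return any(secret in arg for arg in argv)

def owner_only(path):
    # True when group and other have no permission bits on the file.
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def demo():
    # Constructed sample values, not taken from the advisory.
    host, user, secret = "ftp.example.invalid", "backup", "constructed-secret"
    before = argv_with_password(host, user, secret, "/tmp", "archive.tar")
    with login_file(host, user, secret) as path:
        after = argv_with_login_file(path, "/tmp", "archive.tar")
        checks = (argv_leaks(before, secret), argv_leaks(after, secret), owner_only(path))
    # Last element: does the login file still exist after use?
    return checks + (os.path.exists(path),)

if __name__ == "__main__":
    print(demo())
```

The `argv_leaks` check can be reused in a unit test around any code path that builds a command line for an external tool.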
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| duplicity (PyPI) | < 0.4.9 | 0.4.9 |
Affected products: 1
Patches: 0
No patches discovered yet.
References (12)
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd: Third Party Advisory, WEB)
- secunia.com/advisories/28917 (nvd: Third Party Advisory)
- www.securityfocus.com/bid/27771 (nvd: Third Party Advisory, VDB Entry)
- bugzilla.redhat.com/show_bug.cgi (nvd: Issue Tracking, Third Party Advisory, WEB)
- github.com/advisories/GHSA-wxcw-rqxc-hj85 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2007-5201 (ghsa: ADVISORY)
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00356.html (nvd: Third Party Advisory, WEB)
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00445.html (nvd: Third Party Advisory, WEB)
- duplicity.nongnu.org/CHANGELOG (nvd: Broken Link)
- osvdb.org/42339 (nvd: Broken Link)
- web.archive.org/web/20080118045107/https://duplicity.nongnu.org/CHANGELOG (ghsa: WEB)
- web.archive.org/web/20200228164800/http://www.securityfocus.com/bid/27771 (ghsa: WEB)