Bug 157492
Summary: | CAN-2004-1948 ncftp url infromation disclosure | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Josh Bressers <bressers> |
Component: | ncftp | Assignee: | Karsten Hopp <karsten> |
Status: | CLOSED NOTABUG | QA Contact: | Ben Levenson <benl> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=low,public=20040419,source=cve,reported=20050511 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-06-17 02:02:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Bressers
2005-05-12 00:26:50 UTC
It seems this issue was never fixed. I can still do this on FC3. I'm half tempted to say this is probably a non issue. I'm interested in what some of the other programs do which also deal with similar URLs on the command line. This is basically a non issue. Nobody should be providing sensitive information such as this on the command line. The only way to fix this is still insecure, since there is a gap between startup and scribbling over ARGV. |