The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.Referenceshttp://osvdb.org/44138http://www.securityfocus.com/bid/27938http://www.debian.org/security/2008/dsa-1501http://secunia.com/advisories/29059http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448519
