PT-2008-6330 · Canonical+1 · Ecryptfs-Utils+1

Published

2008-11-21

Updated

2017-09-29

CVE-2008-5188

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ecryptfs-utils versions 45 through 61

Description The issue in ecryptfs-utils allows local users to obtain sensitive information by listing the process, as the ecryptfs-setup-private, ecryptfs-setup-confidential, and ecryptfs-setup-pam-wrapped.sh scripts place cleartext passwords on command lines.

Recommendations For versions 45 through 61, consider restricting access to the process list to minimize the risk of exploitation, and avoid using the scripts until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-255

Related Identifiers

CVE-2008-5188

RHSA-2009:1307

RHSA-2009_1307

Affected Products

Red Hat

Ecryptfs-Utils

PT-2008-6330 · Canonical+1 · Ecryptfs-Utils+1

CVE-2008-5188

Weakness Enumeration

Related Identifiers

Affected Products

References · 20