CVSS: 4.6EPSS: 0%CPEs: 31EXPL: 0CVE-2011-1836
https://notcve.org/view.php?id=CVE-2011-1836
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. utils/ecryptfs-recover-private en ecryptfs-utils anterior a 90 no establece un subdirectorio con permisos seguros, lo que podría permitir a usuarios locales evadir las restricciones de acceso a través de operaciones estándar del sistema de ficheros durante el proceso de recuperación. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00009.html http://www.ubuntu.com/usn/USN-1188-1 https://bugzilla.redhat.com/show_bug.cgi?id=729465 https://launchpad.net/ecryptfs/+download • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 0CVE-2008-5188 – ecryptfs-utils: potential provided password disclosure in the process table
https://notcve.org/view.php?id=CVE-2008-5188
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. Las secuencias de comando (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, y (3) ecryptfs-setup-pam-wrapped.sh en ecryptfs-utils v45 hasta la v61 en eCryptfs las lineas de comando y las contraseñas estan en texto en claro, que permite a usuarios locales conseguir información sensible mediante el listado de procesos. • http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53 http://osvdb.org/49334 http://osvdb.org/50353 http://osvdb.org/50354 http://osvdb.org/50355 http://rhn.redhat.com/errata/RHSA-2009-1307.html http://secunia.com/advisories/32382 http://secunia.com/advisories/36552 http://www.openwall.com/lists/oss-security/2008/10/23/3 http://www.openwall.com/lists/oss-security/2008/10/29/4 http://www&# • CWE-255: Credentials Management Errors •