CVE-2008-5188

ecryptfs-utils: potential provided password disclosure in the process table

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

Las secuencias de comando (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, y (3) ecryptfs-setup-pam-wrapped.sh en ecryptfs-utils v45 hasta la v61 en eCryptfs las lineas de comando y las contraseñas estan en texto en claro, que permite a usuarios locales conseguir información sensible mediante el listado de procesos.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-11-20 CVE Reserved
2008-11-21 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (16)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53	X_refsource_confirm
http://osvdb.org/49334	Vdb Entry
http://osvdb.org/50353	Vdb Entry
http://osvdb.org/50354	Vdb Entry
http://osvdb.org/50355	Vdb Entry
http://secunia.com/advisories/32382	Third Party Advisory
http://secunia.com/advisories/36552	Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/10/23/3	Mailing List
http://www.openwall.com/lists/oss-security/2008/10/29/4	Mailing List
http://www.openwall.com/lists/oss-security/2008/10/29/7	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/46073	Vdb Entry
https://launchpad.net/bugs/287908	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2009-1307.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2008-5188	2009-09-02
https://bugzilla.redhat.com/show_bug.cgi?id=472524	2009-09-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				45 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "45"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				46 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "46"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				47 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "47"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				48 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "48"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				49 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "49"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				50 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "50"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				51 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "51"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				53 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "53"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				54 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "54"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				55 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "55"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				56 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "56"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				57 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "57"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				58 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "58"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				59 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "59"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				60 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "60"		-		Affected
Ecryptfs Search vendor "Ecryptfs"		Ecryptfs Utils Search vendor "Ecryptfs" for product "Ecryptfs Utils"				61 Search vendor "Ecryptfs" for product "Ecryptfs Utils" and version "61"		-		Affected