Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-5188 | First vendor Publication | 2008-11-20 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5188 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-255 | Credentials Management |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22265 | |||
Oval ID: | oval:org.mitre.oval:def:22265 | ||
Title: | ELSA-2009:1307: ecryptfs-utils security, bug fix, and enhancement update (Low) | ||
Description: | The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1307-02 CVE-2008-5188 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | ecryptfs-utils |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29358 | |||
Oval ID: | oval:org.mitre.oval:def:29358 | ||
Title: | RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update (Low) | ||
Description: | Updated ecryptfs-utils packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1307 CESA-2009:1307-CentOS 5 CVE-2008-5188 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | ecryptfs-utils |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9607 | |||
Oval ID: | oval:org.mitre.oval:def:9607 | ||
Title: | The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | ||
Description: | The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5188 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for ecryptfs-utils CESA-2009:1307 centos5 i386 File : nvt/gb_CESA-2009_1307_ecryptfs-utils_centos5_i386.nasl |
2009-09-21 | Name : CentOS Security Advisory CESA-2009:1307 (ecryptfs-utils) File : nvt/ovcesa2009_1307.nasl |
2009-09-09 | Name : RedHat Security Advisory RHSA-2009:1307 File : nvt/RHSA_2009_1307.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50355 | eCryptfs ecryptfs-utils ecryptfs-setup-pam-wrapped.sh Command Line Process Li... |
50354 | eCryptfs ecryptfs-utils ecryptfs-setup-confidential Command Line Process List... |
50353 | eCryptfs ecryptfs-utils ecryptfs-setup-private Command Line Process Listing C... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1307.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090902_ecryptfs_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1307.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:47:47 |
|
2021-05-04 12:08:24 |
|
2021-04-22 01:08:45 |
|
2020-05-23 00:22:37 |
|
2017-09-29 09:23:49 |
|
2017-08-08 09:24:31 |
|
2016-06-28 17:21:16 |
|
2016-04-26 18:03:13 |
|
2014-02-17 10:47:20 |
|
2013-05-11 00:30:56 |
|
2013-01-23 13:21:43 |
|