Executive Summary

Information
Name: CVE-2008-5188
First vendor Publication: 2008-11-20
Vendor: Cve
Last vendor Modification: 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Exploit Score 3.9 Authentication None Required

Detail

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5188

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22265
 
Oval ID: oval:org.mitre.oval:def:22265
Title: ELSA-2009:1307: ecryptfs-utils security, bug fix, and enhancement update (Low)
Description: The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Family: unix Class: patch
Reference(s): ELSA-2009:1307-02
CVE-2008-5188
Version: 6
Platform(s): Oracle Linux 5
Product(s): ecryptfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29358
 
Oval ID: oval:org.mitre.oval:def:29358
Title: RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update (Low)
Description: Updated ecryptfs-utils packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity.
Family: unix Class: patch
Reference(s): RHSA-2009:1307
CESA-2009:1307-CentOS 5
CVE-2008-5188
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): ecryptfs-utils
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9607
 
Oval ID: oval:org.mitre.oval:def:9607
Title: The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Description: The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5188
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 16

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for ecryptfs-utils CESA-2009:1307 centos5 i386
File : nvt/gb_CESA-2009_1307_ecryptfs-utils_centos5_i386.nasl
2009-09-21 Name : CentOS Security Advisory CESA-2009:1307 (ecryptfs-utils)
File : nvt/ovcesa2009_1307.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1307
File : nvt/RHSA_2009_1307.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50355 eCryptfs ecryptfs-utils ecryptfs-setup-pam-wrapped.sh Command Line Process Li...

50354 eCryptfs ecryptfs-utils ecryptfs-setup-confidential Command Line Process List...

50353 eCryptfs ecryptfs-utils ecryptfs-setup-private Command Line Process Listing C...

Nessus® Vulnerability Scanner

Date Description
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1307.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090902_ecryptfs_utils_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1307.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=com...
Source Url
CONFIRM https://launchpad.net/bugs/287908
MLIST http://www.openwall.com/lists/oss-security/2008/10/23/3
http://www.openwall.com/lists/oss-security/2008/10/29/4
http://www.openwall.com/lists/oss-security/2008/10/29/7
OSVDB http://osvdb.org/49334
http://osvdb.org/50353
http://osvdb.org/50354
http://osvdb.org/50355
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://rhn.redhat.com/errata/RHSA-2009-1307.html
SECUNIA http://secunia.com/advisories/32382
http://secunia.com/advisories/36552
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/46073

Alert History

Date Information
2023-11-07 21:47:47
  • Multiple Updates
2021-05-04 12:08:24
  • Multiple Updates
2021-04-22 01:08:45
  • Multiple Updates
2020-05-23 00:22:37
  • Multiple Updates
2017-09-29 09:23:49
  • Multiple Updates
2017-08-08 09:24:31
  • Multiple Updates
2016-06-28 17:21:16
  • Multiple Updates
2016-04-26 18:03:13
  • Multiple Updates
2014-02-17 10:47:20
  • Multiple Updates
2013-05-11 00:30:56
  • Multiple Updates
2013-01-23 13:21:43
  • Multiple Updates