{ "id": "CVE-2008-5188", "sourceIdentifier": "cve@mitre.org", "published": "2008-11-21T02:30:00.563", "lastModified": "2017-09-29T01:32:30.150", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process." }, { "lang": "es", "value": "Las secuencias de comando (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, y (3) ecryptfs-setup-pam-wrapped.sh en ecryptfs-utils v45 hasta la v61 en eCryptfs las lineas de comando y las contrase\u00f1as estan en texto en claro, que permite a usuarios locales conseguir informaci\u00f3n sensible mediante el listado de procesos." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-255" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:45:*:*:*:*:*:*:*", "matchCriteriaId": "2A4E82E6-AF24-4B7F-A6DD-EBCD181CAB54" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:46:*:*:*:*:*:*:*", "matchCriteriaId": "97C0970B-D35A-4D8B-B23D-8174451FF532" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:47:*:*:*:*:*:*:*", "matchCriteriaId": "3CE63E38-3A4F-457C-9F15-66CFC421268B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:48:*:*:*:*:*:*:*", "matchCriteriaId": "5A290B1C-54BF-456B-8D53-D2D33AE15E93" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:49:*:*:*:*:*:*:*", "matchCriteriaId": "E6844D7B-734C-461A-9F5D-6C246F2DC7C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:50:*:*:*:*:*:*:*", "matchCriteriaId": "3EFE185F-8579-4216-B611-299B7CD9F3F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:51:*:*:*:*:*:*:*", "matchCriteriaId": "13BEDA62-A7CA-409C-B4D0-84945A3E46ED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:53:*:*:*:*:*:*:*", "matchCriteriaId": "2BDCD33C-7EA6-4922-914D-43472CC23F1E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:54:*:*:*:*:*:*:*", "matchCriteriaId": "F20CFF16-B815-4F76-A099-B805AC1D2776" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:55:*:*:*:*:*:*:*", "matchCriteriaId": "6B369A92-201D-4F84-9A5C-27853EF8286B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:56:*:*:*:*:*:*:*", "matchCriteriaId": "4446FE35-FA53-4DC6-86FF-746E1D890340" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:57:*:*:*:*:*:*:*", "matchCriteriaId": "94190953-E2B5-473B-B3C6-39BBD4C3783E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:58:*:*:*:*:*:*:*", "matchCriteriaId": "CE9A6D32-8A3D-4A25-BF1E-2ED812539F00" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:59:*:*:*:*:*:*:*", "matchCriteriaId": "AB9630D3-DE46-4C60-A9B0-57B8B9B3C857" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:60:*:*:*:*:*:*:*", "matchCriteriaId": "DFE4E253-4CE1-4122-8FFA-974A466D309B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ecryptfs:ecryptfs_utils:61:*:*:*:*:*:*:*", "matchCriteriaId": "74A6D874-CFFC-49C8-8BB0-DC5DA52E5A16" } ] } ] } ], "references": [ { "url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53", "source": "cve@mitre.org" }, { "url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html", "source": "cve@mitre.org" }, { "url": "http://www.openwall.com/lists/oss-security/2008/10/23/3", "source": "cve@mitre.org" }, { "url": "http://www.openwall.com/lists/oss-security/2008/10/29/4", "source": "cve@mitre.org" }, { "url": "http://www.openwall.com/lists/oss-security/2008/10/29/7", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073", "source": "cve@mitre.org" }, { "url": "https://launchpad.net/bugs/287908", "source": "cve@mitre.org" }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607", "source": "cve@mitre.org" } ] }