CVE-2008-5188 — Ecryptfs-utils vulnerability

CWE-2556 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 74.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ecryptfs Ecryptfs-utils Debian Ecryptfs-utils Ecryptfs Utils

Timeline

PublishedNov 21

Latest updateMay 17

Description

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/ecryptfs-utils< ecryptfs-utils 66-1 (bookworm)

▶Debianecryptfs/ecryptfs-utils< 66-1+3

▶NVDecryptfs/ecryptfs_utils16 versions+15

🔴Vulnerability Details

GHSA

GHSA-84hq-4h95-83xw: The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped↗2022-05-17

▶

OSV

CVE-2008-5188: The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped↗2008-11-21

▶

📋Vendor Advisories

Red Hat

ecryptfs-utils: potential provided password disclosure in the process table↗2008-10-23

▶

Debian

CVE-2008-5188: ecryptfs-utils - The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptf...↗2008

▶

💬Community

Bugzilla

CVE-2008-5188 ecryptfs-utils: potential provided password disclosure in the process table↗2008-11-21

▶