CVE-2008-5188 Information

Description

The (1) ecryptfs-setup-private (2) ecryptfs-setup-confidential and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines which allows local users to obtain sensitive information by listing the process.

Reference

http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53 http://osvdb.org/49334 http://osvdb.org/50353 http://osvdb.org/50354 http://osvdb.org/50355 http://rhn.redhat.com/errata/RHSA-2009-1307.html http://secunia.com/advisories/32382 http://secunia.com/advisories/36552 http://www.openwall.com/lists/oss-security/2008/10/23/3 http://www.openwall.com/lists/oss-security/2008/10/29/4 http://www.openwall.com/lists/oss-security/2008/10/29/7 https://exchange.xforce.ibmcloud.com/vulnerabilities/46073 https://launchpad.net/bugs/287908 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9607