Lucene search

[email protected]CVE-2008-2517

HistoryJun 03, 2008 - 2:32 p.m.

CVE-2008-2517

2008-06-0314:32:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-2517

sarab

vulnerability

encryption key

command line

local users

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The sarab.sh script in SaraB before 0.2.4 places the dar program’s encryption key on the command line, which allows local users to obtain sensitive information by listing the process.

Affected configurations

NVD

Node

sarabsarabRange≤0.2.3

sarabsarabMatch0.2.2

CPENameOperatorVersion
sarab:sarabsarable0.2.3
sarab:sarabsarabeq0.2.2

CPE	Name	Operator	Version
sarab:sarab	sarab	le	0.2.3
sarab:sarab	sarab	eq	0.2.2

References

sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36

sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log

secunia.com/advisories/30394

sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804

www.securityfocus.com/bid/29364

www.vupen.com/english/advisories/2008/1659/references

exchange.xforce.ibmcloud.com/vulnerabilities/42621

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2008-2517

nvd1 cvelist1 prion1