CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
10.1%
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Vendor | Product | Version | CPE |
---|---|---|---|
ecryptfs | ecryptfs_utils | 45 | cpe:2.3:a:ecryptfs:ecryptfs_utils:45:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 46 | cpe:2.3:a:ecryptfs:ecryptfs_utils:46:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 47 | cpe:2.3:a:ecryptfs:ecryptfs_utils:47:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 48 | cpe:2.3:a:ecryptfs:ecryptfs_utils:48:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 49 | cpe:2.3:a:ecryptfs:ecryptfs_utils:49:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 50 | cpe:2.3:a:ecryptfs:ecryptfs_utils:50:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 51 | cpe:2.3:a:ecryptfs:ecryptfs_utils:51:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 53 | cpe:2.3:a:ecryptfs:ecryptfs_utils:53:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 54 | cpe:2.3:a:ecryptfs:ecryptfs_utils:54:*:*:*:*:*:*:* |
ecryptfs | ecryptfs_utils | 55 | cpe:2.3:a:ecryptfs:ecryptfs_utils:55:*:*:*:*:*:*:* |
git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git%3Ba=commit%3Bh=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53
osvdb.org/49334
osvdb.org/50353
osvdb.org/50354
osvdb.org/50355
rhn.redhat.com/errata/RHSA-2009-1307.html
secunia.com/advisories/32382
secunia.com/advisories/36552
www.openwall.com/lists/oss-security/2008/10/23/3
www.openwall.com/lists/oss-security/2008/10/29/4
www.openwall.com/lists/oss-security/2008/10/29/7
exchange.xforce.ibmcloud.com/vulnerabilities/46073
launchpad.net/bugs/287908
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607