Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2008-5188

Published: Nov 21, 2008 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2008-5188
CWEhttps://cwe.mitre.org/data/definitions/255.html

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

Affected Software

Name Vendor Start Version End Version
Ecryptfs_utils Ecryptfs 45 (including) 45 (including)
Ecryptfs_utils Ecryptfs 46 (including) 46 (including)
Ecryptfs_utils Ecryptfs 47 (including) 47 (including)
Ecryptfs_utils Ecryptfs 48 (including) 48 (including)
Ecryptfs_utils Ecryptfs 49 (including) 49 (including)
Ecryptfs_utils Ecryptfs 50 (including) 50 (including)
Ecryptfs_utils Ecryptfs 51 (including) 51 (including)
Ecryptfs_utils Ecryptfs 53 (including) 53 (including)
Ecryptfs_utils Ecryptfs 54 (including) 54 (including)
Ecryptfs_utils Ecryptfs 55 (including) 55 (including)
Ecryptfs_utils Ecryptfs 56 (including) 56 (including)
Ecryptfs_utils Ecryptfs 57 (including) 57 (including)
Ecryptfs_utils Ecryptfs 58 (including) 58 (including)
Ecryptfs_utils Ecryptfs 59 (including) 59 (including)
Ecryptfs_utils Ecryptfs 60 (including) 60 (including)
Ecryptfs_utils Ecryptfs 61 (including) 61 (including)
Red Hat Enterprise Linux 5 RedHat ecryptfs-utils-0:75-5.el5 *
Ecryptfs-utils Ubuntu upstream *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use