Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 248058 (CVE-2008-5188)

Summary: sys-fs/ecryptfs-utils >=45 <=61 passwords exposure (CVE-2008-5188)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: crypto+disabled, kernel-misc, leon+gentoo
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://launchpad.net/bugs/287908
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 235770    

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-21 21:10:09 UTC 
CVE-2008-5188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5188):
  The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and
  (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45
  through 61 in eCryptfs place cleartext passwords on command lines,
  which allows local users to obtain sensitive information by listing
  the process.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-21 21:12:13 UTC 
Not sure if we're affected, opening for tracking purposes.
Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-03-29 17:16:01 UTC 
sys-fs/ecryptfs-utils-73 is now in the tree.
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-29 17:21:59 UTC 
Thanks, this is ~arch only, closing.