248058 – (CVE-2008-5188) sys-fs/ecryptfs-utils >=45 <=61 passwords exposure (CVE-2008-5188)

Bug 248058 (CVE-2008-5188) - sys-fs/ecryptfs-utils >=45 <=61 passwords exposure (CVE-2008-5188)

Summary: sys-fs/ecryptfs-utils >=45 <=61 passwords exposure (CVE-2008-5188)

Status:	RESOLVED FIXED

Alias:	CVE-2008-5188

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	https://launchpad.net/bugs/287908
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:	debian-tempfile
	Show dependency tree

Reported:	2008-11-21 21:10 UTC by Stefan Behte (RETIRED)
Modified:	2009-03-29 17:21 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-21 21:10:09 UTC

CVE-2008-5188 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5188):
  The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and
  (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45
  through 61 in eCryptfs place cleartext passwords on command lines,
  which allows local users to obtain sensitive information by listing
  the process.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2008-11-21 21:12:13 UTC

Not sure if we're affected, opening for tracking purposes.

Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev

2009-03-29 17:16:01 UTC

sys-fs/ecryptfs-utils-73 is now in the tree.

Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev

2009-03-29 17:21:59 UTC

Thanks, this is ~arch only, closing.