CVE-2008-2517

2008-06-0314:00:00

mitre

www.cve.org

5.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The sarab.sh script in SaraB before 0.2.4 places the dar program’s encryption key on the command line, which allows local users to obtain sensitive information by listing the process.

References

sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36

sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log

secunia.com/advisories/30394

sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804

www.securityfocus.com/bid/29364

www.vupen.com/english/advisories/2008/1659/references

exchange.xforce.ibmcloud.com/vulnerabilities/42621