Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2517

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2008-2517
Last Modified 07 Mar 2011 10:09:18
Published 03 Jun 2008 10:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2517

Summary

The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.

Vulnerable Systems

Application

  • Sarab 0.2.2

  • Sarab 0.2.3


References

XF - sarab-ciphers-information-disclosure(42621)

VUPEN - ADV-2008-1659

BID - 29364

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804

SECUNIA - 30394

CONFIRM - http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log

CONFIRM - http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36


Last Updated: 27 May 2016 10:47:54