Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5188 to the following vulnerability:

The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5188
http://www.openwall.com/lists/oss-security/2008/10/23/3
http://www.openwall.com/lists/oss-security/2008/10/29/4
http://www.openwall.com/lists/oss-security/2008/10/29/7
http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53
https://launchpad.net/bugs/287908

Note: The ecryptfs-utils as shipped with Red Hat Enterprise Linux does not contain the 'ecryptfs-setup-private' script mentioned in the above CVE entry (present in ecryptfs-utils starting from versions -45+), but it contains 'ecryptfs-add-passphrase.c' and 'ecryptfs-wrap-passphrase.c' files affected by this vulnerability.
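
The exposure described in the CVE text above can be checked for directly. The following is an added example, not code from ecryptfs-utils or from this bug report: a Linux-only regression check that starts a hypothetical stand-in helper, hands it a constructed passphrase once as a command-line argument and once over stdin, and reports whether the passphrase appears in /proc/<pid>/cmdline. Passing the secret over stdin is shown as one common mitigation and is an assumption here, not a statement of how upstream changed the scripts.

```python
import subprocess
import sys
from pathlib import Path

# Constructed sample value, not a real credential.
SECRET = "constructed-passphrase-123"

# Hypothetical stand-in for a passphrase-handling helper (not ecryptfs code).
# It blocks on one line of stdin so it stays alive while it is inspected.
CHILD = "import sys; sys.stdin.readline()"


def visible_cmdline(pid):
    """Return the argument vector that any local user can read for pid."""
    raw = Path(f"/proc/{pid}/cmdline").read_bytes()
    return [arg.decode(errors="replace") for arg in raw.split(b"\0") if arg]


def secret_exposed(pass_on_argv):
    """Run the helper and report whether SECRET shows up in its command line.

    pass_on_argv=True  mirrors the flawed pattern: secret as an argument.
    pass_on_argv=False sends the secret over a pipe to the helper's stdin.
    """
    argv = [sys.executable, "-c", CHILD]
    if pass_on_argv:
        argv.append(SECRET)
    payload = b"\n" if pass_on_argv else SECRET.encode() + b"\n"

    # Popen returns only after the child has exec'd, so /proc already shows
    # the helper's own argument vector. Leaving the with-block closes stdin
    # (flushing the payload) and waits for the helper to exit.
    with subprocess.Popen(argv, stdin=subprocess.PIPE) as proc:
        exposed = any(SECRET in arg for arg in visible_cmdline(proc.pid))
        proc.stdin.write(payload)
    return exposed


if __name__ == "__main__":
    print("secret on argv visible in process list:", secret_exposed(True))
    print("secret on stdin visible in process list:", secret_exposed(False))
```

The same check can be pointed at a real helper by replacing the stand-in command, as long as the passphrase used is a throwaway test value.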
This issue affects the version of the ecryptfs-utils package as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of the ecryptfs-utils package as shipped with Fedora releases of 9 and 10.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1307 https://rhn.redhat.com/errata/RHSA-2009-1307.html
All current Fedora versions are already updated to fixed upstream versions too.