Red Hat Bugzilla – Bug 472524
CVE-2008-5188 ecryptfs-utils: potential provided password disclosure in the process table
Last modified: 2009-09-02 08:10:49 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5188 to
the following vulnerability:
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and
(3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through
61 in eCryptfs place cleartext passwords on command lines, which
allows local users to obtain sensitive information by listing the
Note: The ecryptfs-utils as shipped with Red Hat Enterprise Linux does not
contain the 'ecryptfs-setup-private' script mentioned in the above CVE entry
(present in ecryptfs-utils starting from versions -45+), but it contains 'ecryptfs-add-passphrase.c' and 'ecryptfs-wrap-passphrase.c'
files affected by this vulnerability.
This issue affects the version of the ecryptfs-utils package as shipped
with Red Hat Enterprise Linux 5.
This issue affects the versions of the ecryptfs-utils package as shipped
with Fedora releases of 9 and 10.
The Red Hat Security Response Team has rated this issue as having low security
impact; a future update may address this flaw. More information regarding
issue severity can be found here:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:1307 https://rhn.redhat.com/errata/RHSA-2009-1307.html
All current Fedora versions are already updated to fixed upstream versions too.
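
The exposure described in the CVE text above, as an added example that is not part of the original bug report and not ecryptfs-utils code: a weak pattern (passphrase as a command-line argument) beside a corrected one (passphrase over stdin), each checked against the child's `/proc/<pid>/cmdline`. The helper name `consumer-demo` and all function names are hypothetical, and Linux `/proc` is assumed.

```shell
#!/bin/sh
# Added example, not ecryptfs-utils code. "consumer-demo" is a hypothetical
# stand-in for a helper that needs a passphrase. Assumes Linux /proc.

# True if TEXT ($2) appears in the argument vector of PID ($1), i.e. in what
# ps(1) shows to every local user.
cmdline_has() {
    tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline" | grep -qF -- "$2"
}

# Poll until the background child has exec'd and exposes its own argv.
wait_for_exec() {
    i=0
    while [ "$i" -lt 50 ]; do
        if cmdline_has "$1" consumer-demo; then return 0; fi
        sleep 0.1
        i=$((i + 1))
    done
    return 1
}

# Report whether SECRET ($2) is visible for PID ($1), then stop the child.
exposed_then_reap() {
    if wait_for_exec "$1" && cmdline_has "$1" "$2"; then rc=0; else rc=1; fi
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
    return "$rc"
}

# Weak pattern: the passphrase is an argument of the spawned process.
leaks_via_argv() {
    sh -c 'sleep 2; :' consumer-demo "$1" >/dev/null 2>&1 &
    exposed_then_reap "$!" "$1"
}

# Corrected pattern: the passphrase travels over stdin. printf is a shell
# builtin, so no process ever carries the secret in its argv.
leaks_via_stdin() {
    printf '%s\n' "$1" | sh -c 'read -r pw; sleep 2; :' consumer-demo >/dev/null 2>&1 &
    exposed_then_reap "$!" "$1"
}
```

Both functions return 0 when the passphrase is visible in the process table, so they can serve as a regression check for wrapper scripts that hand secrets to helper binaries.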