Описание
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-2517
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42621
- http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36
- http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log
- http://secunia.com/advisories/30394
- http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804
- http://www.securityfocus.com/bid/29364
- http://www.vupen.com/english/advisories/2008/1659/references
Связанные уязвимости
nvd
больше 17 лет назад
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.