← back
CVE-2008-2517

CVE-2008-2517

EPSS 0.3%
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=loghttp://secunia.com/advisories/30394https://exchange.xforce.ibmcloud.com/vulnerabilities/42621http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804http://www.securityfocus.com/bid/29364http://www.vupen.com/english/advisories/2008/1659/references