CVE-2008-2517

EUVD-2008-2512
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
sarabsarab
𝑥
≤ 0.2.3
sarabsarab
0.2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36
http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log
http://secunia.com/advisories/30394
http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804
http://www.securityfocus.com/bid/29364
http://www.vupen.com/english/advisories/2008/1659/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42621
http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36
http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log
http://secunia.com/advisories/30394
http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804
http://www.securityfocus.com/bid/29364
http://www.vupen.com/english/advisories/2008/1659/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42621