CVE-2008-2517
SaraB < 0.2.4 - Local Sensitive Information Exposure via Command-Line Encryption Key
Title source: llmDescription
The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42621
Exploit x_refsource_confirm
http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36
Product x_refsource_confirm
http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1659/references
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29364
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30394
Scores
EPSS
0.0027
EPSS Percentile
18.3%
Details
CWE
CWE-200
Status
published
Products (2)
sarab/sarab
0.2.2
sarab/sarab
< 0.2.3
Published
Jun 03, 2008
Tracked Since
Feb 18, 2026