Vulnerability Details CVE-2010-0119
Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.8%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036697.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036701.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036764.html
- http://secunia.com/advisories/38723
- http://secunia.com/advisories/38814
- http://secunia.com/secunia_research/2010-7/
- http://www.securityfocus.com/archive/1/509688/100/0/threaded
- http://www.securityfocus.com/bid/38352
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036697.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036701.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036764.html
- http://secunia.com/advisories/38723
- http://secunia.com/advisories/38814
- http://secunia.com/secunia_research/2010-7/
- http://www.securityfocus.com/archive/1/509688/100/0/threaded
- http://www.securityfocus.com/bid/38352
Products affected by CVE-2010-0119
-
cpe:2.3:a:becauseinter:bournal:*
-
cpe:2.3:a:becauseinter:bournal:0.1
-
cpe:2.3:a:becauseinter:bournal:0.2
-
cpe:2.3:a:becauseinter:bournal:0.3
-
cpe:2.3:a:becauseinter:bournal:0.4
-
cpe:2.3:a:becauseinter:bournal:0.4.5
-
cpe:2.3:a:becauseinter:bournal:0.6
-
cpe:2.3:a:becauseinter:bournal:0.7
-
cpe:2.3:a:becauseinter:bournal:0.8
-
cpe:2.3:a:becauseinter:bournal:0.9
-
cpe:2.3:a:becauseinter:bournal:1.0
-
cpe:2.3:a:becauseinter:bournal:1.1
-
cpe:2.3:a:becauseinter:bournal:1.2
-
cpe:2.3:a:becauseinter:bournal:1.3
-
cpe:2.3:o:freebsd:freebsd:8.0