Computer Security
[EN] securityvulns.ru no-pyccku


Bournal information leak
Published:25.02.2010
Source:
SecurityVulns ID:10645
Type:local
Threat Level:
4/10
Description:Command line paramters including encryption key are visible in processes list. Insecure temporary files creation.
Affected:BOURNAL : Bournal 1.4
CVE:CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, places a ccrypt key on the command line, which allows local users to obtain sensitive information by listing the process and its arguments, related to "echoing.")
Original documentdocumentSECUNIA, Secunia Research: Bournal Insecure Temporary Files Security Issue (25.02.2010)
 documentSECUNIA, Secunia Research: Bournal ccrypt Information Disclosure Security Issue (25.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod