Unrated severityNVD Advisory· Published Jun 3, 2008· Updated Apr 23, 2026

CVE-2008-2517

Description

The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process.

Affected products

Sarab/Sarab2 versions
cpe:2.3:a:sarab:sarab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sarab:sarab:*:*:*:*:*:*:*:*range: <=0.2.3
- cpe:2.3:a:sarab:sarab:0.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.shnvdExploit
secunia.com/advisories/30394nvdVendor Advisory
sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.shnvd
sourceforge.net/project/shownotes.phpnvd
www.securityfocus.com/bid/29364nvd
www.vupen.com/english/advisories/2008/1659/referencesnvd
exchange.xforce.ibmcloud.com/vulnerabilities/42621nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000