CVE-2007-5373
Published: 11 October 2007
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
Priority
Status
Package | Release | Status |
---|---|---|
ldapscripts Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1.7.1-2)
|
|
intrepid |
Released
(1.7.1-2)
|
|
jaunty |
Released
(1.7.1-2)
|
|
karmic |
Released
(1.7.1-2)
|
|
upstream |
Needs triage
|