CVE Vulnerabilities

CVE-2007-5373

Published: Oct 11, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

Affected Software

Name Vendor Start Version End Version
Ldapscripts Ldapscripts 1.4 (including) 1.4 (including)
Ldapscripts Ldapscripts 1.7 (including) 1.7 (including)
Ldapscripts Ubuntu dapper *
Ldapscripts Ubuntu devel *
Ldapscripts Ubuntu edgy *
Ldapscripts Ubuntu feisty *
Ldapscripts Ubuntu gutsy *
Ldapscripts Ubuntu hardy *
Ldapscripts Ubuntu intrepid *
Ldapscripts Ubuntu jaunty *
Ldapscripts Ubuntu karmic *

References