
CVE-2007-5373

Published: 11/10/2007 Updated: 29/07/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

ldapscripts 1.4 and 1.7 send a password as a command-line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
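
The exposure described above can be audited on a host by checking process argument lists for OpenLDAP client tools called with an inline password. The following is an added example, not code from ldapscripts or from this advisory; the function names and the sample command lines are constructed for illustration, and the check covers only the `-w`, `-s` and `-a` password options of the OpenLDAP clients.

```shell
# Added example: flag OpenLDAP client invocations that carry a password in argv.
# Input: one command line per line (for instance the output of `ps -eo args`).
# Output: each offending line, with the secret replaced by [REDACTED].
audit_ldap_argv() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f        # split into words without globbing
        if [ $# -eq 0 ]; then continue; fi
        tool=${1##*/}                       # strip any leading directory
        case $tool in
            # ldappasswd: -w bind password, -s new password, -a old password
            ldappasswd) secret_flags="-w -s -a" ;;
            # elsewhere -s and -a mean scope and alias handling, not secrets
            ldapadd|ldapmodify|ldapdelete|ldapsearch|ldapmodrdn) secret_flags="-w" ;;
            *) continue ;;
        esac
        out=$1; shift; hit=0
        while [ $# -gt 0 ]; do
            arg=$1; shift
            flag=$(printf '%s' "$arg" | cut -c1-2)
            case " $secret_flags " in
                *" $flag "*)
                    hit=1
                    if [ "$arg" = "$flag" ]; then       # "-w secret" form
                        if [ $# -gt 0 ]; then shift; fi
                        out="$out $flag [REDACTED]"
                    else                                # "-wsecret" form
                        out="$out ${flag}[REDACTED]"
                    fi ;;
                *) out="$out $arg" ;;
            esac
        done
        if [ "$hit" -eq 1 ]; then printf '%s\n' "$out"; fi
    done
    return 0
}

# Constructed sample process listing (not captured from a real system).
sample_lines() {
    printf '%s\n' \
      'ldappasswd -x -D cn=admin,dc=example,dc=org -w bindpw -s newpw uid=bob,ou=people,dc=example,dc=org' \
      '/usr/bin/ldapsearch -x -s sub -wbindpw uid=bob' \
      'ldappasswd -x -D cn=admin,dc=example,dc=org -y /root/bindpw.txt -S uid=bob' \
      'sshd: bob'
}

sample_lines | audit_ldap_argv
```

Invocations it reports are candidates for ldappasswd's file-based options (`-y`, `-T`, `-t`) or its prompting options (`-W`, `-S`, `-A`), which keep the secret out of the argument list.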

Vulnerable Product

ldapscripts ldapscripts 1.4

ldapscripts ldapscripts 1.7

Vendor Advisories

Debian Bug report logs - #445582: ldapscripts shows passwords in the clear on the command line
Package: ldapscripts
Maintainer for ldapscripts: Alexander GQ Gerasiov <gq@debian.org>
Source for ldapscripts: src:ldapscripts
Reported by: Don Armstrong <don@donarmstrong.com>
Date: Sun, 7 Oct 2 ...

Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing. The old stable distribution (sarge) does not contain an ldapscripts package. For the stable distri ...