[ldapscripts] [CVE-2007-5373] information disclosure
Bug #203450 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ldapscripts (Debian) |
Fix Released
|
Unknown
|
|||
ldapscripts (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: ldapscripts
References:
DSA-1517-1 (http://
Quoting:
"Don Armstrong discovered that ldapscripts, a suite of tools to manipulate
user accounts in LDAP, sends the password as a command line argument when
calling LDAP programs, which may allow a local attacker to read this password
from the process listing."
CVE References
Changed in ldapscripts: | |
status: | Unknown → Fix Released |
Changed in ldapscripts: | |
status: | New → Fix Released |
To post a comment you must log in.
Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.