FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5373

This CVE name corresponds to:

Entered Topic
2007-10-23 ldapscripts -- Command Line User Credentials Disclosure

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-5373
Phase Assigned(20071010)

Description

ldapscripts 1.4 and 1.7 send a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

References

Source Reference
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582
DEBIAN DSA-1517
BID 25982
SECUNIA 27111
SECUNIA 29395
XF ldapscripts-commandline-info-disclosure(37029)