Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5373

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2007-5373
Last Modified 05 Sep 2008 05:30:34
Published 11 Oct 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5373

Summary

ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

Vulnerable Systems

Application

  • Ldapscripts 1.4

  • Ldapscripts 1.7


References

SECUNIA - 27111

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582

XF - ldapscripts-commandline-info-disclosure(37029)

BID - 25982

DEBIAN - DSA-1517

SECUNIA - 29395


Last Updated: 27 May 2016 10:46:09