*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: ldapscripts References: DSA-1517-1 (http://www.debian.org/security/2008/dsa-1517) Quoting: "Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing." ** Affects: ldapscripts (Ubuntu) Importance: Undecided Status: New ** Affects: ldapscripts (Debian) Importance: Unknown Status: Unknown ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-5373 ** Bug watch added: Debian Bug tracker #445582 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582 ** Also affects: ldapscripts (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582 Importance: Unknown Status: Unknown -- [ldapscripts] [CVE-2007-5373] information disclosure https://bugs.launchpad.net/bugs/203450 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs