On Sat, 13 Oct 2007 13:37:25 +0200 (CEST), Ganael LAPLANCHE wrote
> On Thu, 11 Oct 2007 08:32:52 +0200 (CEST), Ganael LAPLANCHE wrote
>
> Hi everybody,
>
> ldapscripts v1.7.1 are now available and fix these issues.
Woops, sorry I forgot to tell where the update is av
On Thu, 11 Oct 2007 08:32:52 +0200 (CEST), Ganael LAPLANCHE wrote
Hi everybody,
ldapscripts v1.7.1 are now available and fix these issues.
Here is the CHANGELOG :
2007/10/13 : ldapscripts 1.7.1
- Fixes for CVE-2007-5373
see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE
On Wed, 10 Oct 2007 20:55:04 +0200, Pierre Habouzit wrote
> If the server crash, then it will be rebooted, and /tmp is cleansed
> at boot time, so no worries here.
Well, it depends on your system and how it is configured... But I agree, such a
situation (crash /while/ using the script + /tmp not
On Mon, 08 Oct 2007 20:02:42 +0200, Pierre Habouzit wrote
> IMHO the best fix is to have in your "runtime" file sth like:
> [...]
Hi again Pierre,
I am still working on patching the scripts. This will lead to a 'security
release' named 1.7.1, quite soon (I hope).
Binding is Ok, I will use a fil
On Mon, 08 Oct 2007 18:04:49 +0200, Pierre Habouzit wrote
> The issue is that when the commands are run, the arguments can be
> seen in clear text in `ps aux` output.
>
> So not only that script has the issue, the parts where you sed -e
> "s//$PASSWORD/g" are vulnerable too.
Hi again Pierre,
5 matches
Mail list logo