Lucene search
FreeBSD3A81017A-8154-11DC-9283-0016179B2DD5HistoryOct 09, 2007 - 12:00 a.m.
ldapscripts -- Command Line User Credentials Disclosure
2007-10-0900:00:00
vuxml.freebsd.org
11
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
Ganael Laplanche reports:
Up to now, each ldap* command was called with the -w parameter,
which allows to specify the bind password on the command line.
Unfortunately, this could make the password appear to anybody
performing a ps during the call. This is now avoided by using
the -y parameter and a password file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | ldapscripts | < 1.7.1 | UNKNOWN |
Related
openvas
openvas
Debian: Security Advisory (DSA-1517-1)
2008-03-19 00:00:00
Debian Security Advisory DSA 1517-1 (ldapscripts)
2008-03-19 00:00:00
FreeBSD Ports: ldapscripts
2008-09-04 00:00:00
cve
cve
CVE-2007-5373
2007-10-11 10:17:00
nessus
nessus
cvelist
cvelist
CVE-2007-5373
2007-10-11 10:00:00
debian
debian
[SECURITY] [DSA 1517-1] New ldapscripts packages fix information disclosure
2008-03-15 22:16:22
prion
prion
Default credentials
2007-10-11 10:17:00
debiancve
debiancve
CVE-2007-5373
2007-10-11 10:17:00
ubuntucve
ubuntucve
CVE-2007-5373
2007-10-11 00:00:00
nvd
nvd
CVE-2007-5373
2007-10-11 10:17:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
0
Percentile
5.1%
Related for 3A81017A-8154-11DC-9283-0016179B2DD5