4 matches found
FreeBSD Ports: ldapscripts
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian: Security Advisory (DSA-1517-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : ldapscripts -- Command Line User Credentials Disclosure (3a81017a-8154-11dc-9283-0016179b2dd5)
Ganael Laplanche reports : Up to now, each ldap command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a ps during the call. This is now avoided by using the -y parameter and...
CVE-2007-5373
CVE-2007-5373 affects ldapscripts (notably versions 1.4 and 1.7). The issue arises because the password is passed as a command-line argument when invoking LDAP programs (e.g., ldappasswd), which may allow a local attacker to read the password by listing the process and its arguments. The vulnerab...