14 matches found
EUVD-2007-5351
Malware in sbrugna...
FreeBSD Ports: ldapscripts
The remote host is missing an update to the system as announced in the referenced advisory. VID 3a81017a-8154-11dc-9283-0016179b2dd5 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: ldapscripts
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian: Security Advisory (DSA-1517-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1517-1 : ldapscripts - programming error
Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing. %NASLMINLEVEL 70300 C Tenable Network Securit...
DSA-1517-1 ldapscripts - information disclosure
Bulletin has no description...
FreeBSD : ldapscripts -- Command Line User Credentials Disclosure (3a81017a-8154-11dc-9283-0016179b2dd5)
Ganael Laplanche reports : Up to now, each ldap command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a ps during the call. This is now avoided by using the -y parameter and...
DTSA-68-1 ldapscripts - unauthorized disclosure of information
Bulletin has no description...
CVE-2007-5373
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the changepassword function...
DEBIAN-CVE-2007-5373
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the changepassword function...
Default credentials
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the changepassword function...
CVE-2007-5373
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the changepassword function...
CVE-2007-5373
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the changepassword function...
CVE-2007-5373
CVE-2007-5373 affects ldapscripts (notably versions 1.4 and 1.7). The issue arises because the password is passed as a command-line argument when invoking LDAP programs (e.g., ldappasswd), which may allow a local attacker to read the password by listing the process and its arguments. The vulnerab...