[ldapscripts] [CVE-2007-5373] information disclosure
Bug #203450 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ldapscripts (Debian) |
Fix Released
|
Unknown
|
|||
| ldapscripts (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
| Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
| Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: ldapscripts
References:
DSA-1517-1 (http://
Quoting:
"Don Armstrong discovered that ldapscripts, a suite of tools to manipulate
user accounts in LDAP, sends the password as a command line argument when
calling LDAP programs, which may allow a local attacker to read this password
from the process listing."
CVE References
| Changed in ldapscripts: | |
| status: | Unknown → Fix Released |
| Changed in ldapscripts: | |
| status: | New → Fix Released |
| Changed in ldapscripts: | |
| status: | New → Won't Fix |
| Changed in ldapscripts: | |
| status: | New → Won't Fix |
Revision history for this message
| Sergio Zanchetta (primes2h) wrote | #3 |
| Changed in ldapscripts (Ubuntu Gutsy): | |
| status: | New → Won't Fix |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #4 |
| Changed in ldapscripts (Ubuntu Dapper): | |
| status: | New → Won't Fix |
To post a comment you must log in.
Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.