CVE-2007-5373

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2007-5373

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-5373.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2007-5373

Downstream

DEBIAN-CVE-2007-5373

DSA-1517-1

DTSA-68-1

Published

2007-10-11T10:17:00Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.

References

http://secunia.com/advisories/27111
http://secunia.com/advisories/29395
http://www.debian.org/security/2008/dsa-1517
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582
http://www.securityfocus.com/bid/25982
https://exchange.xforce.ibmcloud.com/vulnerabilities/37029

CVE-2007-5373

Affected packages