Download
| Alert*
DSA-1517 ldapscripts -- programming error
Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing. The old stable distribution (sarge) does not contain an ldapscripts package.
|