Package: ldapscripts
Severity: serious
Version: 1.4-2
Tag: security
Unless you're running grsecurity or some other patched kernel, the
following cannot be good:
_changepassword () {
if [ -z "$1" ] || [ -z "$2" ]
then
end_die "_changepassword : missing argument(s)"
else
if is_yes "$RECORDPASSWORDS"
then
echo "$2 : $1" >> "$PASSWORDFILE"
fi
$LDAPPASSWDBIN -w "$BINDPWD" -D "$BINDDN" -xH "ldap://$SERVER"; -s "$1" "$2"
2>>"$LOGFILE" 1>/dev/null
fi
}
Don Armstrong
--
This message brought to you by weapons of mass destruction related
program activities, and the letter G.
http://www.donarmstrong.com http://rzlab.ucr.edu
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
