CVE-2009-1073

Published: Mar 31, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap

mailing-list

x_refsource_MLIST

[oss-security] 20090323 CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap

mailing-list

x_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476

x_refsource_CONFIRM

34211

vdb-entry

x_refsource_BID

http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813

x_refsource_CONFIRM

[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap

mailing-list

x_refsource_MLIST

http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806

x_refsource_CONFIRM

[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap

mailing-list

x_refsource_MLIST

34523

third-party-advisory

x_refsource_SECUNIA

http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322

x_refsource_CONFIRM

http://launchpad.net/bugs/cve/2009-1073

x_refsource_MISC

DSA-1758

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2009-1073

Description

Affected Products

References