nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
References
Link | Resource |
---|---|
http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813 | Broken Link Exploit |
http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806 | Broken Link |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476 | Mailing List Patch |
http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322 | Broken Link |
http://launchpad.net/bugs/cve/2009-1073 | Third Party Advisory |
http://secunia.com/advisories/34523 | Broken Link |
http://www.debian.org/security/2009/dsa-1758 | Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2009/03/23/3 | Mailing List |
http://www.openwall.com/lists/oss-security/2009/03/24/2 | Mailing List |
http://www.openwall.com/lists/oss-security/2009/03/25/3 | Mailing List |
http://www.openwall.com/lists/oss-security/2009/03/25/4 | Mailing List |
http://www.securityfocus.com/bid/34211 | Broken Link Third Party Advisory VDB Entry |
Configurations
History
15 Feb 2024, 21:31
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 5.5 |
First Time |
Debian debian Linux
|
|
CPE | cpe:2.3:a:debian:nss-ldap:0.6:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.3:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.2:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.6.1:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.6.3:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.5:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.6.2:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.4:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.6.5:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.6.6:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.6.4:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.4.1:*:*:*:*:*:*:* cpe:2.3:a:debian:nss-ldap:0.1:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* |
CWE | CWE-732 | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/03/25/4 - Mailing List | |
References | (DEBIAN) http://www.debian.org/security/2009/dsa-1758 - Patch, Third Party Advisory | |
References | (CONFIRM) http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/34523 - Broken Link | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/03/25/3 - Mailing List | |
References | (BID) http://www.securityfocus.com/bid/34211 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813 - Broken Link, Exploit | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/03/23/3 - Mailing List | |
References | (CONFIRM) http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806 - Broken Link | |
References | (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476 - Mailing List, Patch | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2009/03/24/2 - Mailing List | |
References | (MISC) http://launchpad.net/bugs/cve/2009-1073 - Third Party Advisory |
Information
Published : 2009-03-31 18:24
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1073
Mitre link : CVE-2009-1073
CVE.ORG link : CVE-2009-1073
JSON object : View
Products Affected
debian
- nss-ldap
- debian_linux
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource