SUSE CVE-2009-1073

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field...

Debian: Security Advisory (DSA-1758-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1758-1 (nss-ldapd)

The remote host is missing an update to nss-ldapd announced via advisory DSA 1758-1. OpenVAS Vulnerability Test $Id: deb17581.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1758-1 nss-ldapd Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

nss-ldapd Weak file permissions

/etc/nss-ldapd.conf flie with LDAP password is world readable...

[SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1758-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 30, 2009 http://www.debian.org/security/faq -...

Debian DSA-1758-1 : nss-ldapd - insecure config file creation

Leigh James discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable which could leak the configured LDAP password if one is used for connecting to the LDAP server. %NASLMINLEVEL 70300 C Tenable Netwo...

CVE-2009-1073

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field...

Default credentials

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field...

CVE-2009-1073

Summary of CVE-2009-1073 : The nss-ldapd package (before 0.6.8) creates /etc/nss-ldapd.conf with world-readable permissions, allowing local users to read the bindpw (LDAP password) and potentially disclose credentials. Public sources (Debian, OpenVAS, Nessus) confirm the issue and reference fixes...

CVE-2009-1073

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field...

PT-2009-1033 · Nss Ldap · Nss Ldap

Name of the Vulnerable Software and Affected Versions: nss-ldapd versions prior to 0.6.8 Description: The issue is related to errors in privilege management, allowing a local user to obtain the cleartext password for the LDAP server. This can be achieved by reading the bindpw field from the...

[SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure

------------------------------------------------------------------------ Debian Security Advisory DSA-1758-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 30, 2009 http://www.debian.org/security/faq -...

DSA-1758-1 nss-ldapd - information disclosure

Bulletin has no description...