First published: Tue Mar 31 2009(Updated: )
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Debian Nss-ldap | =0.6.4 | |
Debian Nss-ldap | =0.6.6 | |
Debian Nss-ldap | =0.6 | |
Debian Nss-ldap | <=0.6.7 | |
Debian Nss-ldap | =0.6.3 | |
Debian Nss-ldap | =0.2 | |
Debian Nss-ldap | =0.2.1 | |
Debian Nss-ldap | =0.6.5 | |
Debian Nss-ldap | =0.5 | |
Debian Nss-ldap | =0.6.1 | |
Debian Nss-ldap | =0.6.2 | |
Debian Nss-ldap | =0.3 | |
Debian Nss-ldap | =0.4.1 | |
Debian Nss-ldap | =0.4 | |
Debian Nss-ldap | =0.1 | |
Debian Nss-ldap | <0.6.8 | |
Debian Debian Linux | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.