What is the severity of CVE-2009-1073?

CVE-2009-1073 is considered a moderate severity vulnerability due to improper file permissions that could allow local users to access sensitive information.

How do I fix CVE-2009-1073?

To fix CVE-2009-1073, update nss-ldapd to version 0.6.8 or later, which addresses the permissions issue.

What are the risks associated with CVE-2009-1073?

The risks associated with CVE-2009-1073 include unauthorized access to cleartext passwords of the LDAP server, potentially leading to further system compromises.

Which versions of nss-ldapd are affected by CVE-2009-1073?

Versions of nss-ldapd prior to 0.6.8 are affected by CVE-2009-1073.

How can I verify if my system is vulnerable to CVE-2009-1073?

You can verify if your system is vulnerable to CVE-2009-1073 by checking the permissions of the /etc/nss-ldapd.conf file and confirming the version of nss-ldapd installed.

Vulnerability/
CVE-2009-1073

medium

5.5

CWE

264 732

31/3/2009

7/8/2024

CVE-2009-1073

First published: Tue Mar 31 2009(Updated: )

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
PADL nss_ldap	<0.6.8
Debian Debian Linux	=5.0
PADL nss_ldap	<=0.6.7
PADL nss_ldap	=0.1
PADL nss_ldap	=0.2
PADL nss_ldap	=0.2.1
PADL nss_ldap	=0.3
PADL nss_ldap	=0.4
PADL nss_ldap	=0.4.1
PADL nss_ldap	=0.5
PADL nss_ldap	=0.6
PADL nss_ldap	=0.6.1
PADL nss_ldap	=0.6.2
PADL nss_ldap	=0.6.3
PADL nss_ldap	=0.6.4
PADL nss_ldap	=0.6.5
PADL nss_ldap	=0.6.6

Remedy

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476

Remedy

http://www.debian.org/security/2009/dsa-1758

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1073?
CVE-2009-1073 is considered a moderate severity vulnerability due to improper file permissions that could allow local users to access sensitive information.
How do I fix CVE-2009-1073?
To fix CVE-2009-1073, update nss-ldapd to version 0.6.8 or later, which addresses the permissions issue.
What are the risks associated with CVE-2009-1073?
The risks associated with CVE-2009-1073 include unauthorized access to cleartext passwords of the LDAP server, potentially leading to further system compromises.
Which versions of nss-ldapd are affected by CVE-2009-1073?
Versions of nss-ldapd prior to 0.6.8 are affected by CVE-2009-1073.
How can I verify if my system is vulnerable to CVE-2009-1073?
You can verify if your system is vulnerable to CVE-2009-1073 by checking the permissions of the /etc/nss-ldapd.conf file and confirming the version of nss-ldapd installed.

agent/references
agent/type
agent/remedy
agent/severity
agent/weakness
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-historical
vendor/debian
canonical/padl nss_ldap
canonical/debian debian linux
version/debian debian linux/5.0
version/padl nss_ldap/0.6.7
version/padl nss_ldap/0.1
version/padl nss_ldap/0.2
version/padl nss_ldap/0.2.1
version/padl nss_ldap/0.3
version/padl nss_ldap/0.4
version/padl nss_ldap/0.4.1
version/padl nss_ldap/0.5
version/padl nss_ldap/0.6
version/padl nss_ldap/0.6.1
version/padl nss_ldap/0.6.2
version/padl nss_ldap/0.6.3
version/padl nss_ldap/0.6.4
version/padl nss_ldap/0.6.5
version/padl nss_ldap/0.6.6

Frequently Asked Questions

What is the severity of CVE-2009-1073?
CVE-2009-1073 is considered a moderate severity vulnerability due to improper file permissions that could allow local users to access sensitive information.
How do I fix CVE-2009-1073?
To fix CVE-2009-1073, update nss-ldapd to version 0.6.8 or later, which addresses the permissions issue.
What are the risks associated with CVE-2009-1073?
The risks associated with CVE-2009-1073 include unauthorized access to cleartext passwords of the LDAP server, potentially leading to further system compromises.
Which versions of nss-ldapd are affected by CVE-2009-1073?
Versions of nss-ldapd prior to 0.6.8 are affected by CVE-2009-1073.
How can I verify if my system is vulnerable to CVE-2009-1073?
You can verify if your system is vulnerable to CVE-2009-1073 by checking the permissions of the /etc/nss-ldapd.conf file and confirming the version of nss-ldapd installed.

CVE-2009-1073

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1073?

How do I fix CVE-2009-1073?

What are the risks associated with CVE-2009-1073?

Which versions of nss-ldapd are affected by CVE-2009-1073?

How can I verify if my system is vulnerable to CVE-2009-1073?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-1073?

How do I fix CVE-2009-1073?

What are the risks associated with CVE-2009-1073?

Which versions of nss-ldapd are affected by CVE-2009-1073?

How can I verify if my system is vulnerable to CVE-2009-1073?