CVE-2009-1073
Severity: MEDIUM
Debian Nss-ldap < 0.6.8 - Incorrect Permission Assignment
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
References (12)
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2009/03/25/4
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2009/03/23/3
Mailing List, Patch (x_refsource_confirm): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476
Broken Link, Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/34211
Broken Link, Exploit (x_refsource_confirm): http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2009/03/24/2
Broken Link (x_refsource_confirm): http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2009/03/25/3
Broken Link (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/34523
Broken Link (x_refsource_confirm): http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322
Third Party Advisory (x_refsource_misc): http://launchpad.net/bugs/cve/2009-1073
Patch, Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2009/dsa-1758
Scores
CVSS v3: 5.5
EPSS: 0.0038
EPSS Percentile: 59.6%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-732
Status: published
Products (2):
debian/debian_linux 5.0
debian/nss-ldap < 0.6.8
Published: Mar 31, 2009
Tracked Since: Feb 18, 2026