nss-ldapd: insecure config file creation
| Package(s): | nss-ldapd | CVE #(s): | CVE-2009-1073 | ||||
| Created: | March 31, 2009 | Updated: | April 1, 2009 | ||||
| Description: | From the Debian advisory: Leigh James that discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable which could leak the configured LDAP password if one is used for connecting to the LDAP server. | ||||||
| Alerts: |
| ||||||