CVE-2009-1073

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/03/2009
Last modified:
09/04/2025

Description

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:debian:nss-ldap:*:*:*:*:*:*:*:* 0.6.8 (excluding)
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*