oss-sec mailing list archives

Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 24 Mar 2009 21:05:49 -0400 (EDT)


On Tue, 24 Mar 2009, Vincent Danen wrote:

* [2009-03-23 13:21:42 +0100] Jan Lieskovsky wrote:

2, libnss-ldapd / nss_ldap: LDAP service configuration file
                                shipped with world readable permissions
  References:
  https://bugzilla.redhat.com/show_bug.cgi?id=491623
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476


On a side note, this is pretty specific to libnss-ldapd and not so much
nss_ldap.


So, the various bug reports and followups list:

  libnss-ldapd
  nss_ldap
  nss-ldapd
  openldap

Which package is actually affected and what versions might they be?

Use CVE-2009-1073, to be filled in once I have some more detail.

- Steve

Current thread:

CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Jan Lieskovsky (Mar 23)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Nico Golde (Mar 23)
  - Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap yersinia (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)
  - Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Steven M. Christey (Mar 24)
    - Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)