oss-sec mailing list archives

CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 23 Mar 2009 13:21:42 +0100

Hello Steve,

  could you please assign CVE ids for following
two low security issues:

1, ucd-snmp / net-snmp snmpd runs with privileges of privileged user
   a, Red Hat Enterprise Linux / Fedora snmpd runs with UID=0, GID=0
   b, Debian snmpd runs with GID=0
   References:
   https://bugzilla.redhat.com/show_bug.cgi?id=491621
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520724

2, libnss-ldapd / nss_ldap: LDAP service configuration file
                                 shipped with world readable permissions
   References: 
   https://bugzilla.redhat.com/show_bug.cgi?id=491623
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476


Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Jan Lieskovsky (Mar 23)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Nico Golde (Mar 23)
  - Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap yersinia (Mar 24)
- Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)
  - Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Steven M. Christey (Mar 24)
    - Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap Vincent Danen (Mar 24)