oss-security - Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Tue, 24 Mar 2009 21:05:49 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd
 / nss_ldap

On Tue, 24 Mar 2009, Vincent Danen wrote:

> * [2009-03-23 13:21:42 +0100] Jan Lieskovsky wrote:
>
> >2, libnss-ldapd / nss_ldap: LDAP service configuration file
> >                                 shipped with world readable permissions
> >   References:
> >   https://bugzilla.redhat.com/show_bug.cgi?id=491623
> >   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476
>
> On a side note, this is pretty specific to libnss-ldapd and not so much
> nss_ldap.

So, the various bug reports and followups list:

  libnss-ldapd
  nss_ldap
  nss-ldapd
  openldap

Which package is actually affected and what versions might they be?

Use CVE-2009-1073, to be filled in once I have some more detail.

- Steve

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.