oss-security - CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Mon, 23 Mar 2009 13:21:42 +0100
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security <oss-security@...ts.openwall.com>
Subject: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap

Hello Steve,

  could you please assign CVE ids for following
two low security issues:

1, ucd-snmp / net-snmp snmpd runs with privileges of privileged user
   a, Red Hat Enterprise Linux / Fedora snmpd runs with UID=0, GID=0
   b, Debian snmpd runs with GID=0
   References:
   https://bugzilla.redhat.com/show_bug.cgi?id=491621
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520724

2, libnss-ldapd / nss_ldap: LDAP service configuration file
                                 shipped with world readable permissions
   References: 
   https://bugzilla.redhat.com/show_bug.cgi?id=491623
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476


Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.