Date: Tue, 24 Mar 2009 21:05:49 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap On Tue, 24 Mar 2009, Vincent Danen wrote: > * [2009-03-23 13:21:42 +0100] Jan Lieskovsky wrote: > > >2, libnss-ldapd / nss_ldap: LDAP service configuration file > > shipped with world readable permissions > > References: > > https://bugzilla.redhat.com/show_bug.cgi?id=491623 > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476 > > On a side note, this is pretty specific to libnss-ldapd and not so much > nss_ldap. So, the various bug reports and followups list: libnss-ldapd nss_ldap nss-ldapd openldap Which package is actually affected and what versions might they be? Use CVE-2009-1073, to be filled in once I have some more detail. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.