nss-ldapd prior to 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian nss-ldap |
||
debian debian linux 5.0 |