exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Secunia Security Advisory 34523

Secunia Security Advisory 34523
Posted Mar 31, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for nss-ldapd. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information.

tags | advisory, local
systems | linux, debian
SHA-256 | ba51bf668626cb5a9d5caa3a82939dd25c4ca66dfd1b3795778a6c449e5d98bc

Secunia Security Advisory 34523

Change Mirror Download
----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia


----------------------------------------------------------------------

TITLE:
Debian update for nss-ldapd

SECUNIA ADVISORY ID:
SA34523

VERIFY ADVISORY:
http://secunia.com/advisories/34523/

DESCRIPTION:
Debian has issued an update for nss-ldapd. This fixes a security
issue, which can be exploited by malicious, local users to disclose
potentially sensitive information.

The security issue is caused due to the "/etc/nss-ldapd.conf" file
being created with insecure permissions, which can be exploited to
e.g. disclose the LDAP password.

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 5.0 alias lenny --

Source archives:

http://security.debian.org/pool/updates/main/n/nss-ldapd/nss-ldapd_0.6.7.1.dsc
Size/MD5 checksum: 996 31232235dc6d5e0abb448e56f5f6f8ad
http://security.debian.org/pool/updates/main/n/nss-ldapd/nss-ldapd_0.6.7.1.tar.gz
Size/MD5 checksum: 373338 4cf1160a9626c51ee584f5b66ae1d33a

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_alpha.deb
Size/MD5 checksum: 115612 13d15bd8992624a7c41dfdac3c307202

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_amd64.deb
Size/MD5 checksum: 116262 f994f9e688ce6b97a9dfa4df31fa8fd6

arm architecture (ARM)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_arm.deb
Size/MD5 checksum: 109704 d525a237c689e726bd4d5923d976c936

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_armel.deb
Size/MD5 checksum: 110092 aae74517ffb749d86835d9562cb08c6c

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_hppa.deb
Size/MD5 checksum: 115350 08874099547bab40079ecaf89230f478

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_i386.deb
Size/MD5 checksum: 109212 d8245739c6796420c11ed945f9300cfe

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_ia64.deb
Size/MD5 checksum: 135638 e3e749ec11135fe721a2ee92e2468ae4

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_mips.deb
Size/MD5 checksum: 110722 a06cf2942f801c1f9703e72ec0f8c7d5

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_mipsel.deb
Size/MD5 checksum: 109942 dbd6bfe96097c33d55f1913e412e4768

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_powerpc.deb
Size/MD5 checksum: 117700 25c2aaf21ef3e61c278b2f6349153429

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_s390.deb
Size/MD5 checksum: 112830 3e95bd1c614983aafa36a81da5a599b4

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_sparc.deb
Size/MD5 checksum: 107640 60c23c4f57accb6977019ba18eef3f06

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.6.8.

PROVIDED AND/OR DISCOVERED BY:
Debian credits Leigh James.

ORIGINAL ADVISORY:
DSA-1758-1:
http://lists.debian.org/debian-security-announce/2009/msg00068.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close