CVE-2009-1073
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.
nss-ldapd anteriores a v0.6.8 emplea permisos de "lectura para todos" para el archivo /etc/nss-ldapd.conf, lo que permite a los usuario locales obtener una contraseƱa en texto claro para el servidor LDAP, leyendo el campo bindpw.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-03-24 CVE Reserved
- 2009-03-31 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806 | Broken Link | |
| http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322 | Broken Link | |
| http://launchpad.net/bugs/cve/2009-1073 | Third Party Advisory | |
| http://secunia.com/advisories/34523 | Broken Link | |
| http://www.openwall.com/lists/oss-security/2009/03/23/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2009/03/24/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2009/03/25/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2009/03/25/4 | Mailing List |
|
| http://www.securityfocus.com/bid/34211 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476 | 2024-02-15 | |
| http://www.debian.org/security/2009/dsa-1758 | 2024-02-15 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Nss-ldap Search vendor "Debian" for product "Nss-ldap" | < 0.6.8 Search vendor "Debian" for product "Nss-ldap" and version " < 0.6.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||