PT-2005-1023 · Ntlmaps · Ntlmaps

Drew Parsons

Published

2005-09-30

Updated

2008-09-05

CVE-2005-2962

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ntlmaps versions prior to 0.9.9

Description The issue concerns a problem with the post-installation script of ntlmaps, which sets world-readable permissions for the configuration file. This allows local users to obtain the username and password, potentially leading to a breach of confidentiality. The vulnerability can be exploited by a local attacker.

Recommendations For versions prior to 0.9.9, update to version 0.9.9 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the configuration file to prevent world-readable access until a patch is applied. Restrict access to the configuration file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-02830

CVE-2005-2962

DSA-830-1

Affected Products

Ntlmaps

PT-2005-1023 · Ntlmaps · Ntlmaps

CVE-2005-2962

Related Identifiers

Affected Products

References · 7