CVE-2009-1073

Name of the Vulnerable Software and Affected Versions nss-ldapd versions prior to 0.6.8

Description The issue is related to errors in privilege management, allowing a local user to obtain the cleartext password for the LDAP server. This can be achieved by reading the bindpw field from the /etc/nss-ldapd.conf file, which has world-readable permissions. The exploitation of this issue may lead to a breach of confidentiality of protected information.

Recommendations For versions prior to 0.6.8, update to version 0.6.8 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the /etc/nss-ldapd.conf file to restrict access to sensitive information.