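Vulnerability Details
Debian PADL nss_ldap '/etc/nss_ldapd.conf' Local Information Disclosure Vulnerability
Vulnerability Summary
nss_ldap is an open-source Name Service Switch (NSS) module that lets AIX, Linux, Solaris and other operating systems use an LDAP directory server as a native naming service (LDAP is the Lightweight Directory Access Protocol).
nss-ldapd versions before 0.6.8 use world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password configured for the LDAP server by reading the bindpw field.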
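A check for the condition described above, as an added example (not taken from the advisory or from the nss-ldapd project): a POSIX shell function that flags a configuration file that sets bindpw while being world-readable. The function names, status words and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an nss-ldapd style config file for an exposed bindpw.
# Return codes (chosen for this example): 0 = ok, 1 = exposed, 2 = cannot check.

has_bindpw() {
    # bindpw counts only when it is an active option, not a commented-out line.
    grep -Eq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$1"
}

is_world_readable() {
    # POSIX find: -perm -004 matches when the "other read" bit is set.
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

audit_ldap_conf() {
    conf=$1
    if [ ! -f "$conf" ]; then
        echo "SKIP $conf: not a regular file"
        return 2
    fi
    if [ ! -r "$conf" ]; then
        # The auditing user cannot inspect the contents; re-run as root.
        echo "SKIP $conf: not readable by the current user"
        return 2
    fi
    if ! has_bindpw "$conf"; then
        echo "OK $conf: no bindpw set"
        return 0
    fi
    if is_world_readable "$conf"; then
        echo "EXPOSED $conf: bindpw is readable by any local user"
        return 1
    fi
    echo "OK $conf: bindpw set, file is not world-readable"
    return 0
}
```

Run `audit_ldap_conf /etc/nss-ldapd.conf` as root on the host being checked. If the result is EXPOSED, rotate the bind password in addition to tightening the file mode, since local users may already have read it.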
Vulnerability Advisory
The vendor has released an upgrade patch to fix this security issue. Patch download links:
Debian Linux 5.0 ia-64
Debian libnss-ldapd_0.6.7.1_ia64.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_ia64.deb
Debian Linux 5.0 alpha
Debian libnss-ldapd_0.6.7.1_alpha.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_alpha.deb
Debian Linux 5.0 ia-32
Debian libnss-ldapd_0.6.7.1_i386.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_i386.deb
Debian Linux 5.0 s/390
Debian libnss-ldapd_0.6.7.1_s390.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_s390.deb
Debian Linux 5.0 mipsel
Debian libnss-ldapd_0.6.7.1_mipsel.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_mipsel.deb
Debian Linux 5.0 hppa
Debian libnss-ldapd_0.6.7.1_hppa.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_hppa.deb
Debian Linux 5.0 arm
Debian libnss-ldapd_0.6.7.1_arm.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_arm.deb
Debian Linux 5.0 armel
Debian libnss-ldapd_0.6.7.1_armel.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_armel.deb
Debian Linux 5.0 amd64
Debian libnss-ldapd_0.6.7.1_amd64.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_amd64.deb
Debian Linux 5.0 mips
Debian libnss-ldapd_0.6.7.1_mips.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_mips.deb
Debian Linux 5.0 powerpc
Debian libnss-ldapd_0.6.7.1_powerpc.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_powerpc.deb
Debian Linux 5.0 sparc
Debian libnss-ldapd_0.6.7.1_sparc.deb
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_sparc.deb
References
Source: DEBIAN
Name: DSA-1758
Link: http://www.debian.org/security/2009/dsa-1758
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476
Source: BID
Name: 34211
Link: http://www.securityfocus.com/bid/34211
Source: MLIST
Name: [oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap
Link: http://www.openwall.com/lists/oss-security/2009/03/25/4
Source: MLIST
Name: [oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap
Link: http://www.openwall.com/lists/oss-security/2009/03/25/3
Source: MLIST
Name: [oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap
Link: http://www.openwall.com/lists/oss-security/2009/03/24/2
Source: MLIST
Name: [oss-security] 20090323 CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap
Link: http://www.openwall.com/lists/oss-security/2009/03/23/3
Source: SECUNIA
Name: 34523
Link: http://secunia.com/advisories/34523
Source: MISC
Link: http://launchpad.net/bugs/cve/2009-1073
Source: ch.tudelft.nl
Link: http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322
Source: arthurenhella.demon.nl
Link: http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806
Source: arthurenhella.demon.nl
Link: http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813
Affected Entities
- Debian Nss-Ldap:0.6.7
- Debian Nss-Ldap:0.1
- Debian Nss-Ldap:0.2
- Debian Nss-Ldap:0.2.1
- Debian Nss-Ldap:0.3
Patches
None available