VYPR

Nss LDAP

by Padl Software

CVEs (6)

  • CVE-2009-1073 | Med | Mar 31, 2009
    risk 0.36 | cvss 5.5 | epss 0.01

    nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

  • CVE-2007-5794 | Nov 13, 2007
    risk 0.00 | cvss - | epss 0.01

    Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for…

  • CVE-2005-2069 | Jun 30, 2005
    risk 0.00 | cvss - | epss 0.03

    pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, do not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

  • CVE-2002-0735 | Aug 12, 2002
    risk 0.00 | cvss - | epss 0.03

    Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages.

  • CVE-2002-0825 | Aug 12, 2002
    risk 0.00 | cvss - | epss 0.02

    Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2000-1045 | Dec 11, 2000
    risk 0.00 | cvss - | epss 0.01

    nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.