Package: ldap-git-backup
Version: 1.0.3-2
Severity: critical
Tags: security fixed-upstream pending
Justification: root security hole

Citing from RT#4170 to have a public bug report to refer to:

Hans Spaans wrote:
> On a default system the directory /var/backups/ldap is created with
> permissions root:root 0755. This exposes all files in this directory
> to be readable by any process on the system and some of those files
> contain password hashes which are part of the LDAP-dump. Reducing
> the permission to root:root 0700 should resolve the issue.

Yves-Alexis Perez wrote:
> As ldap-git-backup is not in stable or testing, we won't issue a
> DSA.
>
> Please use CVE-2013-1425 for this issue (local information
> disclosure).

Upstream fixed the issue at
https://github.com/elmar/ldap-git-backup/commit/a90f3217fce87962db82d212f73af70693087124

Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
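
An added example, not part of this bug report or of the upstream fix: a POSIX shell audit for the exposure described above, which reports whether a backup directory such as /var/backups/ldap grants any group/other access, lists dump files that would be readable by others, and creates or tightens the directory to 0700. The function names are hypothetical and chosen for this illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from ldap-git-backup.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 when group and other have no access bits at all (e.g. 700, 2700).
is_private() {
    m=$(mode_of "$1") || return 2
    case "$m" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# List regular files that carry a group- or other-read bit. With a 0755
# parent these are readable by every local user; with a 0700 parent they
# stay protected only as long as the directory mode is never loosened.
exposed_files() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Create the directory already restricted (no window in which it exists
# as 0755), or strip group/other access from an existing one.
ensure_private_dir() {
    dir=$1
    if [ -d "$dir" ]; then
        is_private "$dir" || chmod go-rwx "$dir"
    else
        ( umask 077 && mkdir -p -m 0700 "$dir" )
    fi
    is_private "$dir"
}

# Stand-alone use: pass the backup directory as the first argument.
if [ "$#" -gt 0 ]; then
    exposed_files "$1" | sed 's/^/readable by group or other: /'
    ensure_private_dir "$1" && echo "$1 is now mode $(mode_of "$1")"
fi
```

Run it as root against the backup directory; files it lists keep their own modes, so they are worth tightening separately if the directory is ever shared or restored elsewhere.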