Package: ldap-git-backup
Version: 1.0.3-2
Severity: critical
Tags: security fixed-upstream pending
Justification: root security hole

Citing from RT#4170 to have a public bug report to refer to:

Hans Spaans wrote:
> On a default system the directory /var/backups/ldap is created with
> permissions root:root 0755. This exposes all files in this directory
> to be readable by any process on the system and some of those files
> contain password hashes which are part of the LDAP-dump. Reducing
> the permission to root:root 0700 should resolve the issue.

Yves-Alexis Perez wrote:
> As ldap-git-backup is not in stable or testing, we won't issue a
> DSA.
> Please use CVE-2013-1425 for this issue (local information
> disclosure).

Upstream fixed the issue at

                Regards, Axel
 ,''`.  |  Axel Beckert <>,
: :' :  |  Debian Developer, Admin
`. `'   |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
  `-    |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
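
The permission check and the 0700 fix suggested in the report, as an added example that is not part of the original message or of ldap-git-backup's own code. The function names are hypothetical and GNU stat(1) is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat(1).

# Return 0 if group or other hold any permission bit on the directory,
# 1 if it is owner-only, 2 if it cannot be inspected.
is_exposed() {
    mode=$(stat -c '%a' -- "$1" 2>/dev/null) || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks g+o bits.
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Create the directory owner-only, or strip group/other access if it exists.
harden_backup_dir() {
    if [ -d "$1" ]; then
        chmod go-rwx -- "$1"
    else
        # -m sets the mode at creation, so there is no window in which the
        # directory exists with the umask default (typically 0755).
        mkdir -m 0700 -- "$1"
    fi
}

# Report on one directory; the return status mirrors is_exposed.
audit_backup_dir() {
    rc=0
    is_exposed "$1" || rc=$?
    case $rc in
        0) echo "EXPOSED: $1 (mode $(stat -c '%a' -- "$1"), owner $(stat -c '%U:%G' -- "$1"))" ;;
        1) echo "ok: $1 is owner-only" ;;
        *) echo "cannot stat: $1" ;;
    esac
    return $rc
}

# Usage: sh audit.sh /var/backups/ldap
if [ "$#" -gt 0 ]; then
    audit_backup_dir "$1"
fi
```

With the directory at 0700, other users cannot traverse into it, so the dump files inside are unreachable regardless of their own modes.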
