Launchpad.net

CVE 2009-1073

nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field.

See the CVE page on Mitre.org for more details.