Debian Security Advisory 1758-1 – Leigh James that discovered that nss-ldapd, an NSS module for using LDAP as a naming service, by default creates the configuration file /etc/nss-ldapd.conf world-readable which could leak the configured LDAP password if one is used for connecting to the LDAP server.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76198/dsa-1758-1.txt
Source: https://packetstormsecurity.com/files/76198/Debian-Linux-Security-Advisory-1758-1.html