Vulnerability Description
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nss Ldap | Nss Ldap | All versions |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868
- http://bugs.gentoo.org/show_bug.cgi?id=198390
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
- http://secunia.com/advisories/27670 (Vendor Advisory)
- http://secunia.com/advisories/27768 (Vendor Advisory)
- http://secunia.com/advisories/27839 (Vendor Advisory)
- http://secunia.com/advisories/28061 (Vendor Advisory)
- http://secunia.com/advisories/28838 (Vendor Advisory)
- http://secunia.com/advisories/29083 (Vendor Advisory)
- http://secunia.com/advisories/30352 (Vendor Advisory)
- http://secunia.com/advisories/31227 (Vendor Advisory)
- http://secunia.com/advisories/31524 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200711-33.xml
- http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255
FAQ
What is CVE-2007-5794?
CVE-2007-5794 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handl...
How severe is CVE-2007-5794?
CVE-2007-5794 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-5794?
Check the references section above for vendor advisories and patch information. Affected products include: Nss Ldap Nss Ldap.