Executive Summary

Informations
NameCVE-2007-5794First vendor Publication2007-11-13
VendorCveLast vendor Modification2018-10-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-26Leveraging Race Conditions
CAPEC-29Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CWE : Common Weakness Enumeration

%idName
100 %CWE-362Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19840
 
Oval ID: oval:org.mitre.oval:def:19840
Title: DSA-1430-1 libnss-ldap - information disclosure
Description: It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks if applications use pthreads.
Family: unix Class: patch
Reference(s): DSA-1430-1
CVE-2007-5794
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): libnss-ldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10625
 
Oval ID: oval:org.mitre.oval:def:10625
Title: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Description: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5794
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22248
 
Oval ID: oval:org.mitre.oval:def:22248
Title: ELSA-2008:0389: nss_ldap security and bug fix update (Low)
Description: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Family: unix Class: patch
Reference(s): ELSA-2008:0389-02
CVE-2007-5794
Version: 6
Platform(s): Oracle Linux 5
Product(s): nss_ldap
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

OpenVAS Exploits

DateDescription
2009-10-10Name : SLES9: Security update for nss_ldap
File : nvt/sles9p5021857.nasl
2009-04-09Name : Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)
File : nvt/gb_mandriva_MDVSA_2008_049.nasl
2009-03-06Name : RedHat Update for nss_ldap RHSA-2008:0389-02
File : nvt/gb_RHSA-2008_0389-02_nss_ldap.nasl
2009-03-06Name : RedHat Update for nss_ldap RHSA-2008:0715-01
File : nvt/gb_RHSA-2008_0715-01_nss_ldap.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200711-33 (nss_ldap)
File : nvt/glsa_200711_33.nasl
2008-01-17Name : Debian Security Advisory DSA 1430-1 (libnss-ldap)
File : nvt/deb_1430_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
42223nss_ldap LDAP Connection Race Condition Cross Thread Information Disclosure

Nessus® Vulnerability Scanner

DateDescription
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20080521_nss_ldap_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20080724_nss_ldap_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2008-049.nasl - Type : ACT_GATHER_INFO
2008-07-25Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0715.nasl - Type : ACT_GATHER_INFO
2008-05-22Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0389.nasl - Type : ACT_GATHER_INFO
2008-02-06Name : The remote openSUSE host is missing a security update.
File : suse_nss_ldap-4773.nasl - Type : ACT_GATHER_INFO
2008-02-06Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_nss_ldap-4781.nasl - Type : ACT_GATHER_INFO
2007-12-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1430.nasl - Type : ACT_GATHER_INFO
2007-11-26Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-33.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/26452
BUGTRAQ http://www.securityfocus.com/archive/1/487985/100/0/threaded
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868
http://bugs.gentoo.org/show_bug.cgi?id=198390
http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255
https://bugzilla.redhat.com/show_bug.cgi?id=154314
https://bugzilla.redhat.com/show_bug.cgi?id=367461
https://issues.rpath.com/browse/RPL-1913
DEBIAN http://www.debian.org/security/2007/dsa-1430
GENTOO http://security.gentoo.org/glsa/glsa-200711-33.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:049
MLIST http://www.dovecot.org/list/dovecot/2005-April/006859.html
http://www.dovecot.org/list/dovecot/2005-March/006345.html
REDHAT http://www.redhat.com/support/errata/RHSA-2008-0389.html
http://www.redhat.com/support/errata/RHSA-2008-0715.html
SECTRACK http://www.securitytracker.com/id?1020088
SUSE http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/38505

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2018-10-16 00:19:19
  • Multiple Updates
2018-06-14 12:01:32
  • Multiple Updates
2017-09-29 09:23:16
  • Multiple Updates
2017-07-29 12:02:39
  • Multiple Updates
2016-04-26 16:46:37
  • Multiple Updates
2014-02-17 10:42:27
  • Multiple Updates
2013-05-11 10:41:08
  • Multiple Updates