Executive Summary

Summary
Title nss_ldap: Information disclosure
Informations
Name GLSA-200711-33 First vendor Publication 2007-11-25
Vendor Gentoo Last vendor Modification 2007-11-25
Severity (Vendor) Low Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

A race condition might lead to theft of user credentials or information disclosure in services using nss_ldap.

Background

nss_ldap is a Name Service Switch module which allows 'passwd', 'group'
and 'host' database information to be pulled from LDAP.

Description

Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process.

Impact

Remote attackers could exploit this race condition by sending queries to a vulnerable server using nss_ldap, possibly leading to theft of user credentials or information disclosure (e.g. Dovecot returning wrong mailbox contents).

Workaround

There is no known workaround at this time.

Resolution

All nss_ldap users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-auth/nss_ldap-258"

References

[ 1 ] CVE-2007-5794 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200711-33.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200711-33.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-26 Leveraging Race Conditions
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10625
 
Oval ID: oval:org.mitre.oval:def:10625
Title: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Description: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5794
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19840
 
Oval ID: oval:org.mitre.oval:def:19840
Title: DSA-1430-1 libnss-ldap - information disclosure
Description: It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks if applications use pthreads.
Family: unix Class: patch
Reference(s): DSA-1430-1
CVE-2007-5794
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): libnss-ldap
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22248
 
Oval ID: oval:org.mitre.oval:def:22248
Title: ELSA-2008:0389: nss_ldap security and bug fix update (Low)
Description: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Family: unix Class: patch
Reference(s): ELSA-2008:0389-02
CVE-2007-5794
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): nss_ldap
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for nss_ldap
File : nvt/sles9p5021857.nasl
2009-04-09 Name : Mandriva Update for nss_ldap MDVSA-2008:049 (nss_ldap)
File : nvt/gb_mandriva_MDVSA_2008_049.nasl
2009-03-06 Name : RedHat Update for nss_ldap RHSA-2008:0389-02
File : nvt/gb_RHSA-2008_0389-02_nss_ldap.nasl
2009-03-06 Name : RedHat Update for nss_ldap RHSA-2008:0715-01
File : nvt/gb_RHSA-2008_0715-01_nss_ldap.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200711-33 (nss_ldap)
File : nvt/glsa_200711_33.nasl
2008-01-17 Name : Debian Security Advisory DSA 1430-1 (libnss-ldap)
File : nvt/deb_1430_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42223 nss_ldap LDAP Connection Race Condition Cross Thread Information Disclosure

Nessus® Vulnerability Scanner

Date Description
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080521_nss_ldap_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20080724_nss_ldap_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2008-049.nasl - Type : ACT_GATHER_INFO
2008-07-25 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0715.nasl - Type : ACT_GATHER_INFO
2008-05-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0389.nasl - Type : ACT_GATHER_INFO
2008-02-06 Name : The remote openSUSE host is missing a security update.
File : suse_nss_ldap-4773.nasl - Type : ACT_GATHER_INFO
2008-02-06 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_nss_ldap-4781.nasl - Type : ACT_GATHER_INFO
2007-12-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1430.nasl - Type : ACT_GATHER_INFO
2007-11-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200711-33.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:35:21
  • Multiple Updates