CVE - CVE-2007-5794

CVE-ID
CVE-2007-5794	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1020088 URL:http://www.securitytracker.com/id?1020088 MISC:20080212 FLEA-2008-0003-1 nss_ldap URL:http://www.securityfocus.com/archive/1/487985/100/0/threaded MISC:26452 URL:http://www.securityfocus.com/bid/26452 MISC:27670 URL:http://secunia.com/advisories/27670 MISC:27768 URL:http://secunia.com/advisories/27768 MISC:27839 URL:http://secunia.com/advisories/27839 MISC:28061 URL:http://secunia.com/advisories/28061 MISC:28838 URL:http://secunia.com/advisories/28838 MISC:29083 URL:http://secunia.com/advisories/29083 MISC:30352 URL:http://secunia.com/advisories/30352 MISC:31227 URL:http://secunia.com/advisories/31227 MISC:31524 URL:http://secunia.com/advisories/31524 MISC:DSA-1430 URL:http://www.debian.org/security/2007/dsa-1430 MISC:GLSA-200711-33 URL:http://security.gentoo.org/glsa/glsa-200711-33.xml MISC:MDVSA-2008:049 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:049~~ (Obsolete source) MISC:RHSA-2008:0389 URL:http://www.redhat.com/support/errata/RHSA-2008-0389.html MISC:RHSA-2008:0715 URL:http://www.redhat.com/support/errata/RHSA-2008-0715.html MISC:SUSE-SR:2008:003 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html MISC:[Dovecot] 20050303 hanging imap... and users getting other users' emails! URL:http://www.dovecot.org/list/dovecot/2005-March/006345.html MISC:[Dovecot] 20050409 Authentication and the wrong mailbox? URL:http://www.dovecot.org/list/dovecot/2005-April/006859.html MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868 URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868 MISC:http://bugs.gentoo.org/show_bug.cgi?id=198390 URL:http://bugs.gentoo.org/show_bug.cgi?id=198390 MISC:http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm MISC:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255 URL:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=154314 URL:https://bugzilla.redhat.com/show_bug.cgi?id=154314 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=367461 URL:https://bugzilla.redhat.com/show_bug.cgi?id=367461 MISC:https://issues.rpath.com/browse/RPL-1913 URL:https://issues.rpath.com/browse/RPL-1913 MISC:nssldap-ldap-race-condition(38505) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38505 MISC:oval:org.mitre.oval:def:10625 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10625
Assigning CNA
Red Hat, Inc.
Date Record Created
20071102	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071102)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE™ List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2025, The MITRE Corporation. CVE is a trademark and the CVE logo is a registered trademark of The MITRE Corporation.