CVE - CVE-2007-5794

CVE-ID
CVE-2007-5794	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:26452 URL:http://www.securityfocus.com/bid/26452 BUGTRAQ:20080212 FLEA-2008-0003-1 nss_ldap URL:http://www.securityfocus.com/archive/1/487985/100/0/threaded CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=198390 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=154314 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=367461 CONFIRM:https://issues.rpath.com/browse/RPL-1913 DEBIAN:DSA-1430 URL:http://www.debian.org/security/2007/dsa-1430 GENTOO:GLSA-200711-33 URL:http://security.gentoo.org/glsa/glsa-200711-33.xml MANDRIVA:MDVSA-2008:049 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:049 MLIST:[Dovecot] 20050303 hanging imap... and users getting other users' emails! URL:http://www.dovecot.org/list/dovecot/2005-March/006345.html MLIST:[Dovecot] 20050409 Authentication and the wrong mailbox? URL:http://www.dovecot.org/list/dovecot/2005-April/006859.html OVAL:oval:org.mitre.oval:def:10625 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10625 REDHAT:RHSA-2008:0389 URL:http://www.redhat.com/support/errata/RHSA-2008-0389.html REDHAT:RHSA-2008:0715 URL:http://www.redhat.com/support/errata/RHSA-2008-0715.html SECTRACK:1020088 URL:http://www.securitytracker.com/id?1020088 SECUNIA:27670 URL:http://secunia.com/advisories/27670 SECUNIA:27768 URL:http://secunia.com/advisories/27768 SECUNIA:27839 URL:http://secunia.com/advisories/27839 SECUNIA:28061 URL:http://secunia.com/advisories/28061 SECUNIA:28838 URL:http://secunia.com/advisories/28838 SECUNIA:29083 URL:http://secunia.com/advisories/29083 SECUNIA:30352 URL:http://secunia.com/advisories/30352 SECUNIA:31227 URL:http://secunia.com/advisories/31227 SECUNIA:31524 URL:http://secunia.com/advisories/31524 SUSE:SUSE-SR:2008:003 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html XF:nssldap-ldap-race-condition(38505) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38505
Assigning CNA
Red Hat, Inc.
Date Entry Created
20071102	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071102)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select “Other” from dropdown)