Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-5794

Disclosure Date: November 13, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

nss ldap

Products

nss ldap

References

Canonical

CVE-2007-5794 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794)

BID-26452 (http://www.securityfocus.com/bid/26452)

Advisory

SECUNIA-28061 (http://secunia.com/advisories/28061)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453868

SECUNIA-27670 (http://secunia.com/advisories/27670)

[Dovecot] 20050303 hanging imap... and users getting other users' emails! (http://www.dovecot.org/list/dovecot/2005-March/006345.html)

https://bugzilla.redhat.com/show_bug.cgi?id=154314

http://bugs.gentoo.org/show_bug.cgi?id=198390

SECUNIA-29083 (http://secunia.com/advisories/29083)

GLSA-200711-33 (http://security.gentoo.org/glsa/glsa-200711-33.xml)

[Dovecot] 20050409 Authentication and the wrong mailbox? (http://www.dovecot.org/list/dovecot/2005-April/006859.html)

20080212 FLEA-2008-0003-1 nss_ldap (http://www.securityfocus.com/archive/1/487985/100/0/threaded)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10625

https://issues.rpath.com/browse/RPL-1913

SECUNIA-27768 (http://secunia.com/advisories/27768)

https://bugzilla.redhat.com/show_bug.cgi?id=367461

SECUNIA-27839 (http://secunia.com/advisories/27839)

http://www.redhat.com/support/errata/RHSA-2008-0389.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:049

SECUNIA-30352 (http://secunia.com/advisories/30352)

SECUNIA-31227 (http://secunia.com/advisories/31227)

DSA-1430 (http://www.debian.org/security/2007/dsa-1430)

http://support.avaya.com/elmodocs2/security/ASA-2008-332.htm

SECUNIA-31524 (http://secunia.com/advisories/31524)

SECTRACK-1020088 (http://www.securitytracker.com/id?1020088)

http://www.redhat.com/support/errata/RHSA-2008-0715.html

SECUNIA-28838 (http://secunia.com/advisories/28838)

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

XF-nssldap-ldap-race-condition(38505) (https://exchange.xforce.ibmcloud.com/vulnerabilities/38505)

http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0255

Rapid7

Technical Analysis