CVE-2007-5794 — Race Condition in Libnss-ldap

CWE-362 — Race Condition8 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

1.6%

top 18.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libnss-ldap

Timeline

PublishedNov 13

Latest updateMay 1

Description

Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶debiandebian/libnss-ldap< libnss-ldap 256-1 (bullseye)

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8frr-8v9h-5c7m: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user d↗2022-05-01

▶

OSV

CVE-2007-5794: Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user d↗2007-11-13

▶

📋Vendor Advisories

Debian

CVE-2007-5794: libnss-ldap - Race condition in nss_ldap, when used in applications that are linked against th...↗2007

▶

Red Hat

nss_ldap randomly replying with wrong user's data↗2005-04-09

▶

📐Framework References

CWE

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')↗

▶

💬Community

Bugzilla

CVE-2007-5794 nss_ldap randomly replying with wrong user's data↗2007-11-05

▶

Bugzilla

CVE-2007-5794 nss_ldap randomly replying with wrong user's data [rhel-4.7]↗2005-04-17

▶