
Test ID: 1.3.6.1.4.1.25623.1.0.60404
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:049 (nss_ldap)
Summary: Mandrake Security Advisory MDVSA-2008:049 (nss_ldap)
Description:
The remote host is missing an update to nss_ldap
announced via advisory MDVSA-2008:049.

A race condition in nss_ldap, when used in applications that use
pthread and fork after a call to nss_ldap, does not properly handle the
LDAP connection, which might cause nss_ldap to return the wrong user
data to the wrong process, giving one user access to data belonging
to another user, in some cases.

The updated package has been patched to prevent this issue.

Affected: 2007.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:049

Risk factor: Medium
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5794
Bugtraq: 20080212 FLEA-2008-0003-1 nss_ldap
http://www.securityfocus.com/archive/1/archive/1/487985/100/0/threaded
http://bugs.gentoo.org/show_bug.cgi?id=198390
http://www.dovecot.org/list/dovecot/2005-March/006345.html
http://www.dovecot.org/list/dovecot/2005-April/006859.html
Debian Security Information: DSA-1430
http://www.debian.org/security/2007/dsa-1430
http://security.gentoo.org/glsa/glsa-200711-33.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:049
http://www.redhat.com/support/errata/RHSA-2008-0389.html
http://www.redhat.com/support/errata/RHSA-2008-0715.html
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
BugTraq ID: 26452
http://www.securityfocus.com/bid/26452
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10625
http://www.securitytracker.com/id?1020088
http://secunia.com/advisories/27670
http://secunia.com/advisories/27768
http://secunia.com/advisories/27839
http://secunia.com/advisories/28061
http://secunia.com/advisories/28838
http://secunia.com/advisories/29083
http://secunia.com/advisories/30352
http://secunia.com/advisories/31227
http://secunia.com/advisories/31524
XForce ISS Database: nssldap-ldap-race-condition(38505)
http://xforce.iss.net/xforce/xfdb/38505
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
