Bug 13441 - CVE-2007-5794 Race Condition Security Issue
Summary: CVE-2007-5794 Race Condition Security Issue
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: nss_ldap
Version: unstable
Hardware: all Linux
Importance: P2 normal
Assignee: stalker
QA Contact: qa-sisyphus
Blocks: 14135
Reported: 2007-11-16 08:59 MSK by Vladimir V. Kamarzin
Modified: 2008-01-24 10:19 MSK
Description Vladimir V. Kamarzin 2007-11-16 08:59:33 MSK
Race condition in nss_ldap, when used in applications that use pthread and fork
after a call to nss_ldap, does not properly handle the LDAP connection, which
might cause nss_ldap to return the wrong user data to the wrong process. NOTE:
this issue was originally reported for Dovecot with the wrong mailboxes being
returned, but other applications might also be affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794

Solution:
Update to version 259.
Comment 1 Michael Shigorin 2007-11-24 14:51:39 MSK
This ought to be fixed.
Comment 2 stalker 2007-11-25 20:55:28 MSK
I have a professional certification this week. If all goes tolerably well, I'll take this up
next week.
Comment 3 Michael Shigorin 2007-12-06 11:05:33 MSK
ping
Comment 4 Vladimir V. Kamarzin 2008-01-23 09:14:40 MSK
The package was updated, but the bug wasn't closed. Disgraceful.
Comment 5 Vladimir V. Kamarzin 2008-01-23 09:15:04 MSK
And no mention of the CVE was added to the package changelog.
Comment 6 Vladimir V. Kamarzin 2008-01-23 09:15:25 MSK
And it wasn't put into the branch or into updates either.
Comment 7 Michael Shigorin 2008-01-24 10:19:50 MSK
Well... disgraceful, but sometimes you have to cover for colleagues; thank you for doing that :)