CVE-2007-5794
EPSS 1.6%libnss-ldap - information disclosure
Published: 11/13/2007Modified: 4/28/2026
Description
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Affected packages (2)
- Debian/libnss-ldapfrom 0, < 256-1
- Debian/libnss-ldapfrom 0, < 251-7.5etch1