Info

Disclosure

Feb 23, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Mozilla Foundation's Network Security Services (NSS) libraries. The vulnerability is due to inadequate error checking in the Network Security Services (NSS) code that is responsible for handling the Client Master Key. A remote attacker can exploit the vulnerability with a specially-crafted SSLv2 certificate containing a Client Master Key with invalid length values. This may result in a stack-based buffer overflow allowing the attacker to crash the affected server or to execute arbitrary code in the context of the affected server, resulting in a loss of availability and/or integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public, Exploit Private
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to the following versions of the affected products as these versions have been reported to fix this vulnerability: Mozilla Network Security Services (NSS): version 3.11.5 or higher It is also possible to correct the flaw by implementing the following workaround(s): Disable the SSLv2 protocol in any product that has not already done so.

Products

Mozilla Organization	Network Security Services (NSS)	3.11.5
		3.11.4
		3.11.3
		3.10
		3.9.x
		3.8.x
		3.7.x
		3.6.x
		3.5.x
		3.4.x
		3.3.x
		3.2.x
		3.11.5
		3.11.4
		3.11.3
		3.10
		3.9.x
		3.8.x
		3.7.x
		3.6.x
		3.5.x
		3.4.x
		3.3.x
		3.2.x

References

CVE ID: 2007-0009 (see also: NVD)
Secunia Advisory ID: 24205 24253 24333 24342 24343 24384 24389 24395 24410 24522 24562 24569 24650 24703 25588 25597
Related OSVDB ID: 32105
CERT VU: 592796
VUPEN Advisory: ADV-2007-0718 ADV-2007-0719
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc http://fedoranews.org/cms/node/2709
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0006.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
http://www.gentoo.org/security/en/glsa/glsa-200703-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://www.ubuntu.com/usn/usn-428-1
http://www.ubuntu.com/usn/usn-428-2
http://www.ubuntu.com/usn/usn-431-1
http://www.us.debian.org/security/2007/dsa-1336
Vendor Specific Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://lists.rpath.com/pipermail/security-announce/2007-February/000153.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0547.html
Vendor Specific News/Changelog Entry: http://www.mozilla.org/projects/seamonkey/releases/
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
Generic Informational URL: http://www.mozilla.org/projects/security/known-vulnerabilities.html
http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
CIAC Advisory: R-164
RedHat RHSA: RHSA-2007:0077 RHSA-2007:0078 RHSA-2007:0078-2 RHSA-2007:0079 RHSA-2007:0097-5 RHSA-2007:0108-4

Credit

Michał Luczaj - regenrechto2.pl -
Michał Luczaj - regenrechto2.pl -

Direct URL: http://osvdb.org/32106

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mozilla Organization

Network Security Services (NSS)

References

Credit