what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2007-0009

Status Candidate

Overview

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

Related Files

Debian Linux Security Advisory 1336-1
Posted Jul 23, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1336-1 - Several remote vulnerabilities have been discovered in Mozilla Firefox. These vulnerabilities range from cross site scripting to integer overflows.

tags | advisory, remote, overflow, vulnerability, xss
systems | linux, debian
advisories | CVE-2007-1282, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2007-0981, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0778, CVE-2007-0045, CVE-2006-6077
SHA-256 | a98c39a362439e5b88e741c42cab3df3a56653b20b92b9b497c954513ffad1b0
Gentoo Linux Security Advisory 200703-22
Posted Mar 21, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200703-22 - iDefense has reported two potential buffer overflow vulnerabilities found by researcher regenrecht in the code implementing the SSLv2 protocol. Versions less than 3.11.5 are affected.

tags | advisory, overflow, vulnerability, protocol
systems | linux, gentoo
advisories | CVE-2007-0008, CVE-2007-0009
SHA-256 | 72a04b8fd36b196d5d79f64d9f94bfdc9b93cdc6b9aa31fbee63aed8a7fc945e
Gentoo Linux Security Advisory 200703-18
Posted Mar 20, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200703-18 - Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engine potentially leading to memory corruption. Additionally, the binary version of Mozilla Thunderbird includes a vulnerable NSS library which contains two possible buffer overflows involving the SSLv2 protocol. Versions less than 1.5.0.10 are affected.

tags | advisory, overflow, javascript, protocol
systems | linux, gentoo
advisories | CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-1282
SHA-256 | a563f9b94b8699de557578b04754c0b16dacda38c320528899e82e8a1a07d59a
Mandriva Linux Security Advisory 2007.052
Posted Mar 9, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.10.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777
SHA-256 | f7a8d5e7041622e079eded1e0ed0bf7bac944422c455a68faf68affd720450fd
Ubuntu Security Notice 431-1
Posted Mar 9, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 431-1 - The SSLv2 protocol support in the NSS library did not sufficiently check the validity of public keys presented with a SSL certificate. A malicious SSL web site using SSLv2 could potentially exploit this to execute arbitrary code with the user's privileges. The SSLv2 protocol support in the NSS library did not sufficiently verify the validity of client master keys presented in an SSL client certificate. A remote attacker could exploit this to execute arbitrary code in a server application that uses the NSS library. Various flaws have been reported that could allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page.

tags | advisory, remote, web, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777
SHA-256 | 9c436bfadf20ae8862df74281d0622c386dda1ba146f6515d38db17a038d22e3
Mandriva Linux Security Advisory 2007.050
Posted Mar 8, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092
SHA-256 | a6c727c9c55b7a3d9a6b157a2ab03de066cd8481902e55ee8a61cf7b1109a114
Mandriva Linux Security Advisory 2007.050
Posted Mar 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092
SHA-256 | 34faf69d53de56d5a38c7ca739e1ce69186e39d4823b154794ad09079dc48938
Ubuntu Security Notice 428-1
Posted Mar 6, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 428-1 - Firefox has been patched to fix a slew of miscellaneous vulnerabilities including cross site scripting and SSL flaws.

tags | advisory, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092
SHA-256 | 624e75c29f4a125c67b1be7fc1f599a665731a75def9a05badf4fc8845961c58
iDEFENSE Security Advisory 2007-02-23.2
Posted Feb 24, 2007
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to cause a stack-based buffer overflow and execute arbitrary code on the affected application. The vulnerability specifically exists in code responsible for handling the client master key. While negotiating an SSLv2 session, a client can specify invalid parameters which causes an integer underflow. The resulting value is used as the amount of memory to copy into a fixed size stack buffer. As a result, a potentially exploitable stack-based buffer overflow condition occurs. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of the Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, windows
advisories | CVE-2007-0009
SHA-256 | dc4ab453dda77e026844208264a462cb957ca2492ea8e8a46e862bdaf9c7328f
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close