exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2013-0743

Status Candidate

Overview

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a problem that is categorized as a vulnerability within CVE. Compromised or unauthorized SSL certificates are not within CVE's scope. Notes: none.

Related Files

Mandriva Linux Security Advisory 2013-050
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-050 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes. The TLS implementation in Mozilla Network Security Services does not properly consider timing side-channel attacks on a non-compliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. The NSPR package has been upgraded to the 4.9.5 version due to dependencies of newer NSS. The NSS package has been upgraded to the 3.14.3 version which is not vulnerable to this issue. The sqlite3 update addresses a crash when using svn commit after export MALLOC_CHECK_=3.

tags | advisory, remote, root
systems | linux, mandriva
advisories | CVE-2013-0743, CVE-2013-1620
SHA-256 | 6f28f25462373688057eaa4d71d9be8e68c769c5e5d47a46c0bf0334b46cfca6
Ubuntu Security Notice USN-1681-4
Posted Feb 5, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1681-4 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, Firefox suffered from instabilities when accessing some websites. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829, CVE-2013-0768, CVE-2013-0759, CVE-2013-0744, CVE-2013-0764, CVE-2013-0747, CVE-2013-0748, CVE-2013-0750, CVE-2013-0752, CVE-2013-0743
SHA-256 | bf192cfff19c29e10b100e4aec1f13cafb8ca88e7634b0553139b7a451b50736
Ubuntu Security Notice USN-1681-3
Posted Jan 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1681-3 - USN-1681-1 fixed vulnerabilities in Firefox. Due to an upstream regression, some translations became unusable after upgrading. This update fixes the problem. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829, CVE-2013-0768, CVE-2013-0759, CVE-2013-0744, CVE-2013-0764, CVE-2013-0747, CVE-2013-0748, CVE-2013-0750, CVE-2013-0752, CVE-2013-0743
SHA-256 | aef9bd0134382453da04d18de3f8d989d0313ca67877b0a7c7b82b2dd398cd22
Ubuntu Security Notice USN-1687-2
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1687-2 - USN-1687-1 fixed a vulnerability NSS. This update provides the NSPR needed to use the new NSS. Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0743
SHA-256 | 83cecb914e0d84557ebb4ebd287e67e2410142d4bda1a45acb0c83ad55cb99da
Ubuntu Security Notice USN-1687-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1687-1 - Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0743
SHA-256 | 2c880fd754a63df7f4e2ab3b0fb2a8d3137ab98e86a46fe7a2f65b59f9d403e7
Mandriva Linux Security Advisory 2013-003
Posted Jan 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-003 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2013-0743
SHA-256 | 3d94d3b0d2d1647beb5ae26b794650a765c690cdc66365234712f301f98b0429
Mandriva Linux Security Advisory 2013-002
Posted Jan 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-002 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. Various other issues were also addressed.

tags | advisory, root
systems | linux, mandriva
advisories | CVE-2013-0743, CVE-2013-0754, CVE-2013-0753, CVE-2013-0758, CVE-2013-0750, CVE-2013-0748, CVE-2013-0746, CVE-2013-0744, CVE-2013-0759, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769
SHA-256 | 9ee750b2b8c7902fd7785c0edbfdc5773ae0ab089e0b3acc4daccaf1b8b4b1c4
Ubuntu Security Notice USN-1681-2
Posted Jan 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1681-2 - USN-1681-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829, CVE-2013-0768, CVE-2013-0759, CVE-2013-0744, CVE-2013-0764, CVE-2013-0747, CVE-2013-0748, CVE-2013-0750, CVE-2013-0752, CVE-2013-0743, CVE-2012-5829, CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756
SHA-256 | f5f21baaa2090e5debbc39691d9b154f1862f668e44f0e1c14d83a6f6939615a
Ubuntu Security Notice USN-1681-1
Posted Jan 9, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1681-1 - Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki Ishikawa, Bill Gianopoulos, Benoit Jacob, Gary Kwong, Robert O'Callahan, Jesse Ruderman, and Julian Seward discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered several user-after-free and buffer overflows in Firefox. An attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, overflow
systems | linux, ubuntu
advisories | CVE-2013-0763, CVE-2013-0766, CVE-2013-0767, CVE-2013-0771, CVE-2012-5829, CVE-2013-0768, CVE-2013-0759, CVE-2013-0744, CVE-2013-0764, CVE-2013-0747, CVE-2013-0748, CVE-2013-0750, CVE-2013-0752, CVE-2013-0743, CVE-2012-5829, CVE-2013-0743, CVE-2013-0744, CVE-2013-0745, CVE-2013-0746, CVE-2013-0747, CVE-2013-0748, CVE-2013-0749, CVE-2013-0750, CVE-2013-0752, CVE-2013-0753, CVE-2013-0754, CVE-2013-0755, CVE-2013-0756
SHA-256 | 2b169ae0a8e50a945bfa9a6ad63afd568bcd5a5ccd5f1e2be9c786c6f49cbde9
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close