accept no compromises
Showing 1 - 9 of 9 RSS Feed

CVE-2013-5606

Status Candidate

Overview

The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.

Related Files

Gentoo Linux Security Advisory 201504-01
Posted Apr 7, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201504-1 - Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. Versions less than 31.5.3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1741, CVE-2013-2566, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607, CVE-2013-5609, CVE-2013-5610, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619
MD5 | 49557c34bd5a98de995feb8fe8bc3d2c
Debian Security Advisory 2994-1
Posted Aug 2, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2994-1 - Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1741, CVE-2013-5606, CVE-2014-1491, CVE-2014-1492
MD5 | 240f7bb95a6afa42e30a20578d7e873f
Gentoo Linux Security Advisory 201406-19
Posted Jun 24, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201406-19 - Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. Versions less than 3.15.3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1620, CVE-2013-1739, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
MD5 | 05258dd01be557353cd6fd1510a96e9f
Red Hat Security Advisory 2014-0041-01
Posted Jan 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0041-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2013-4353, CVE-2013-5605, CVE-2013-5606, CVE-2013-6449
MD5 | 72012108b4e0ac9994ca135048cea149
Red Hat Security Advisory 2013-1829-01
Posted Dec 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1829-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
MD5 | 006629f180df0482a90f037affbe37d0
Red Hat Security Advisory 2013-1791-01
Posted Dec 6, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1791-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
MD5 | 028a41e99a7b6679ef72e47f223ac5ae
Mandriva Linux Security Advisory 2013-270
Posted Nov 20, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-270 - Multiple security issues was identified and fixed in mozilla NSPR and NSS. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
MD5 | 8a06fbbf1773fb0d6a3beb0ab6f506d5
Mandriva Linux Security Advisory 2013-269
Posted Nov 20, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-269 - Multiple security issues was identified and fixed in mozilla NSPR, NSS, and firefox. Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Integer overflow in Mozilla Network Security Services 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Various other issues have also been addressed.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607
MD5 | f0103df91db8df936fb1762bdb654fb8
Ubuntu Security Notice USN-2030-1
Posted Nov 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2030-1 - Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04.

tags | advisory, denial of service, arbitrary, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-1739, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606
MD5 | 85bdb99360960a66c083a6bd23a84ebc
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    2 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close