what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2014-1491

Status Candidate

Overview

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.

Related Files

Red Hat Security Advisory 2014-1246-01
Posted Sep 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1246-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1545
SHA-256 | 25f1fdc017f9a95d3cee062e33da2f40130debeb3d3442262cac02c0f768b952
Debian Security Advisory 2994-1
Posted Aug 2, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2994-1 - Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1741, CVE-2013-5606, CVE-2014-1491, CVE-2014-1492
SHA-256 | 528f4677ccb5d5cb94823d6222c7de358ac0c637069400ec308261d6e1822ddb
Red Hat Security Advisory 2014-0979-01
Posted Jul 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0979-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange parameters. This could possibly lead to weak encryption being used in communication between the client and the server.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2014-1491
SHA-256 | 7e472af39243b2111c21f2041f546e46ac85697a4ad1633bc4b0836a92c7ee63
Red Hat Security Advisory 2014-0917-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545
SHA-256 | 1fbbded1e323cfe2bc56f39ece91381947f983d3521f4f1a05904aa80a6a7550
Ubuntu Security Notice USN-2119-1
Posted Feb 20, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2119-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen and Sotaro Ikeda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Cody Crews discovered a method to bypass System Only Wrappers. If a user had enabled scripting, an attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1477, CVE-2014-1479, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1481, CVE-2013-6674, CVE-2013-6674, CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
SHA-256 | 5d3902230b50cfd2bd1b1b1aa5ebd526fbc1fd4a01b7b4e886ba19146d65c11b
Ubuntu Security Notice USN-2102-1
Posted Feb 10, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2102-1 - Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward and Sotaro Ikeda discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1489, CVE-2014-1488, CVE-2014-1481, CVE-2014-1477, CVE-2014-1478, CVE-2014-1479, CVE-2014-1480, CVE-2014-1481, CVE-2014-1482, CVE-2014-1483, CVE-2014-1485, CVE-2014-1486, CVE-2014-1487, CVE-2014-1488, CVE-2014-1489, CVE-2014-1490, CVE-2014-1491
SHA-256 | 0112eed2fceaf13b2542d6600afaeb7f15912d2d310028a88473ed6d7bf8838e
Debian Security Advisory 2858-1
Posted Feb 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2858-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security checks or information disclosure. This update also addresses security issues in the bundled version of the NSS crypto library.

tags | advisory, arbitrary, crypto, info disclosure
systems | linux, debian
advisories | CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491
SHA-256 | 3a4bb06a518cf1e26337e7a1c86410d103df0d9d3d8f00585f44f06686d82ab2
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close