Exploit the possiblities
Showing 1 - 9 of 9 RSS Feed

CVE-2014-1492

Status Candidate

Overview

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.

Related Files

Mandriva Linux Security Advisory 2015-059
Posted Mar 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-059 - Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-1492, CVE-2014-1544, CVE-2014-1545, CVE-2014-1568, CVE-2014-1569
MD5 | 2c77270c2fd4ff12cd5ee2996304f911
Red Hat Security Advisory 2014-1246-01
Posted Sep 16, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1246-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1545
MD5 | 2370ddfc5ea1d05fa98099be4cbf5906
Red Hat Security Advisory 2014-1073-01
Posted Aug 18, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1073-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain Names in Applications hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. In addition, the nss, nss-util, and nss-softokn packages have been upgraded to upstream version 3.16.2, which provides a number of bug fixes and enhancements over the previous versions.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-1492
MD5 | cbbb62ef5ca53909bb125d4a8cbdc5fb
Debian Security Advisory 2994-1
Posted Aug 2, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2994-1 - Several vulnerabilities have been discovered in nss, the Mozilla Network Security Service library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1741, CVE-2013-5606, CVE-2014-1491, CVE-2014-1492
MD5 | 240f7bb95a6afa42e30a20578d7e873f
Red Hat Security Advisory 2014-0917-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545
MD5 | 125563ddbb4d52dd83f64bf8258af734
Ubuntu Security Notice USN-2185-1
Posted Apr 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2185-1 - Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, John Schoenick, Karl Tomlinson, Vladimir Vukicevic and Christian Holler discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. An out of bounds read was discovered in Web Audio. An attacker could potentially exploit this cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1492, CVE-2014-1518, CVE-2014-1519, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532
MD5 | 7bebc044b3d716ef3d5746ff8fb59bd0
Ubuntu Security Notice USN-2159-1
Posted Apr 2, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2159-1 - It was discovered that NSS incorrectly handled wildcard certificates when used with internationalized domain names. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers.

tags | advisory, remote, spoof
systems | linux, ubuntu
advisories | CVE-2014-1492
MD5 | 84fbf6a4eaf5182f23854cf58179fcee
Slackware Security Advisory - mozilla-nss Updates
Posted Mar 30, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2014-1492
MD5 | 05611c0b154ff1745c960aaeb99ebf70
Mandriva Linux Security Advisory 2014-066
Posted Mar 20, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-066 - A vulnerability has been found and corrected in mozilla NSS. In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2. The updated packages have been upgraded to the latest NSPR and NSS versions which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to version 1.97, which adds, removes, and distrusts several certificates.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-1492
MD5 | 1bf2734730f09ab011e31755eb0b5e58
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close