what you don't know can hurt you
Showing 1 - 11 of 11 RSS Feed

CVE-2014-1568

Status Candidate

Overview

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

Related Files

Mandriva Linux Security Advisory 2015-059
Posted Mar 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-059 - Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-1492, CVE-2014-1544, CVE-2014-1545, CVE-2014-1568, CVE-2014-1569
MD5 | 2c77270c2fd4ff12cd5ee2996304f911
Red Hat Security Advisory 2014-1371-01
Posted Oct 10, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1371-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-1568
MD5 | 33e0cf418ab06560de4630dacf276e48
Red Hat Security Advisory 2014-1354-01
Posted Oct 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1354-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

tags | advisory, remote, shell, kernel, bash
systems | linux, redhat
advisories | CVE-2014-1568, CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
MD5 | b5445223c3bf06729754cd306a178e13
Debian Security Advisory 3037-1
Posted Sep 30, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3037-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Icedove), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1568
MD5 | 6c6582a80e64afb455fb6e0fcf57a741
Red Hat Security Advisory 2014-1307-01
Posted Sep 26, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1307-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2014-1568
MD5 | 245ca4cb772c03c4bcb09c1575c52799
Mandriva Linux Security Advisory 2014-189
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-189 - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to the latest version as of 2014-08-05.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-1568
MD5 | 480741067fae88d0f5a530681f097f1b
Debian Security Advisory 3034-1
Posted Sep 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3034-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy's Iceweasel package), was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1568
MD5 | 3d6cfd6084d9a3345f96620a4fca6cad
Debian Security Advisory 3033-1
Posted Sep 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3033-1 - Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack.

tags | advisory
systems | linux, debian
advisories | CVE-2014-1568
MD5 | 843a68ed3ecb31b2862fc232df7b801f
Ubuntu Security Notice USN-2360-1
Posted Sep 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2360-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-1568
MD5 | 8521ff42cfc9e8f7bcaf845db25998ca
Ubuntu Security Notice USN-2360-2
Posted Sep 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2360-2 - USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-1568
MD5 | bd6127b2790c8a8557254f22d753056d
Ubuntu Security Notice USN-2361-1
Posted Sep 25, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2361-1 - Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-1568
MD5 | e33372d7810c12bbc13107ef37f8c81c
Page 1 of 1
Back1Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close