From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200703-22.xml | 68 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 metadata/glsa/glsa-200703-22.xml (limited to 'metadata/glsa/glsa-200703-22.xml') diff --git a/metadata/glsa/glsa-200703-22.xml b/metadata/glsa/glsa-200703-22.xml new file mode 100644 index 000000000000..4ce282f0379d --- /dev/null +++ b/metadata/glsa/glsa-200703-22.xml @@ -0,0 +1,68 @@ + + + + Mozilla Network Security Service: Remote execution of arbitrary code + + The Mozilla Network Security Services libraries are vulnerable to two + buffer overflows that could result in the remote execution of arbitrary + code. + + nss + 2007-03-20 + 2007-03-20: 01 + 165555 + remote + + + 3.11.5 + 3.11.5 + + + +

+ The Mozilla Network Security Service is a library implementing security + features like SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, + S/MIME and X.509 certificates. +

+
+ +

+ iDefense has reported two potential buffer overflow vulnerabilities + found by researcher "regenrecht" in the code implementing the SSLv2 + protocol. +

+
+ +

+ A remote attacker could send a specially crafted SSL master key to a + server using NSS for the SSLv2 protocol, or entice a user to connect to + a malicious server with a client-side application using NSS like one of + the Mozilla products. This could trigger the vulnerabilities and result + in the possible execution of arbitrary code with the rights of the + vulnerable application. +

+
+ +

+ Disable the SSLv2 protocol in the applications using NSS. +

+
+ +

+ All NSS users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.5" +
+ + CVE-2007-0008 + CVE-2007-0009 + + + falco + + + vorlon + +
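Review bot: the workaround paragraph ("Disable the SSLv2 protocol in the applications using NSS.") does not say how or where SSLv2 is disabled, so it gives nothing actionable to someone who cannot upgrade right away. Either name the setting for the affected applications, or state that the step is application-specific and that upgrading to ">=dev-libs/nss-3.11.5" is the dependable fix. The impact paragraph describes both a server receiving a crafted SSL master key and a client connecting to a malicious server, so the workaround should also say explicitly that it has to be applied on clients as well as servers.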
-- cgit v1.2.3