Информационная безопасность
[RU] switch to English


Многочисленные уязвимости в Mozilla libnss (multiple bugs)
дополнено с 25 февраля 2007 г.
Опубликовано:27 февраля 2007 г.
Источник:
SecurityVulns ID:7303
Тип:библиотека
Уровень опасности:
6/10
Описание:Многочисленные переполнения буфера и целочисленные переполнения в реализации кода клиента и сервера SSL2.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : nss 3.10
 MICROSOFT : Windows Vista
 OPERA : Opera 9.10
 MOZILLA : nss 3.11
CVE:CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.)
 CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.)
Оригинальный текстdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-06 (27.02.2007)
 documentIDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability (25.02.2007)
 documentIDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability (25.02.2007)
 documentIDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability (25.02.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород