Vulnerability Note VU#592796
Mozilla Network Security Services (NSS) fails to properly handle the client master key
Overview
A vulnerability in the way Mozilla Network Security Services (NSS) handles the client master key may lead to execution of arbitrary code.
Description
The SSLv2 protocol uses a client master key to generate all subsequent session keys. The validity of the client master key is determined during phase one of the SSL handshake. The Mozilla NSS library contains a vulnerability in the way client master keys with invalid length values are handled that may result in a buffer overflow. According to the Mozilla Foundation Security Advisory (MFSA) 2007-06:

Servers that use NSS for the SSLv2 protocol can be exploited by a client that presents a "Client Master Key" with invalid length values in any of several fields that are used without adequate error checking. This can lead to a buffer overflow that presumably could be exploitable.

Note that this vulnerability may affect any application that uses the Mozilla NSS library.
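The kind of length validation whose absence is described above can be sketched as follows. This is an added illustration, not NSS code: the field layout follows the CLIENT-MASTER-KEY message in the SSL 2.0 draft listed under References, while `cmk_t`, `parse_client_master_key`, `MAX_MASTER_KEY` and `MAX_KEY_ARG` are assumed names and limits.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MSG_CLIENT_MASTER_KEY 2   /* SSLv2 message type byte */
#define CMK_HEADER_LEN 10         /* type + cipher kind[3] + three 16-bit lengths */
#define MAX_MASTER_KEY 24         /* assumed capacity of the clear-key buffer */
#define MAX_KEY_ARG    8          /* assumed capacity of the key-arg (IV) buffer */

typedef struct {                  /* hypothetical parsed form of the message */
    uint8_t cipher_kind[3];
    uint8_t clear_key[MAX_MASTER_KEY];  size_t clear_len;
    const uint8_t *enc_key;             size_t enc_len;   /* points into msg */
    uint8_t key_arg[MAX_KEY_ARG];       size_t arg_len;
} cmk_t;

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Returns 0 on success, -1 if any length field is inconsistent or oversized. */
int parse_client_master_key(const uint8_t *msg, size_t msg_len, cmk_t *out)
{
    if (msg == NULL || out == NULL || msg_len < CMK_HEADER_LEN) return -1;
    if (msg[0] != MSG_CLIENT_MASTER_KEY) return -1;

    /* CLEAR-KEY-LENGTH, ENCRYPTED-KEY-LENGTH, KEY-ARG-LENGTH (big-endian) */
    size_t ck = be16(msg + 4), ek = be16(msg + 6), ka = be16(msg + 8);

    /* Each copied field must fit its destination before any copy happens. */
    if (ck > MAX_MASTER_KEY || ka > MAX_KEY_ARG) return -1;
    /* The three lengths must account for exactly the bytes received
       (each is at most 65535, so the sum cannot wrap a size_t). */
    if (CMK_HEADER_LEN + ck + ek + ka != msg_len) return -1;

    memcpy(out->cipher_kind, msg + 1, 3);
    memcpy(out->clear_key, msg + CMK_HEADER_LEN, ck);
    out->clear_len = ck;
    out->enc_key = msg + CMK_HEADER_LEN + ck;
    out->enc_len = ek;
    memcpy(out->key_arg, msg + CMK_HEADER_LEN + ck + ek, ka);
    out->arg_len = ka;
    return 0;
}
```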
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user who is running the vulnerable application or cause a denial of service.
Solution
- Apply an update
- Disable SSLv2
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Fedora Project | Affected | - | 07 Mar 2007 |
| Gentoo Linux | Affected | - | 05 Apr 2007 |
| Mandriva, Inc. | Affected | - | 07 Mar 2007 |
| Mozilla | Affected | - | 27 Feb 2007 |
| Red Hat, Inc. | Affected | - | 07 Mar 2007 |
| rPath | Affected | - | 07 Mar 2007 |
| Slackware Linux Inc. | Affected | - | 05 Apr 2007 |
| Sun Microsystems, Inc. | Affected | - | 05 Apr 2007 |
| SUSE Linux | Affected | - | 07 Mar 2007 |
| Ubuntu | Affected | - | 07 Mar 2007 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
- http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
- http://www.mozilla.org/projects/security/pki/nss/
- http://www.mozilla.com/en-US/firefox/releases/1.5.0.10.html
- http://www.mozilla.com/en-US/firefox/2.0.0.2/releasenotes/
- http://www.mozilla.org/projects/seamonkey/releases/
- http://secunia.com/advisories/24238/
- http://secunia.com/advisories/24287/
- http://secunia.com/advisories/24205/
- http://secunia.com/advisories/24290/
- http://secunia.com/advisories/24253/
- http://secunia.com/advisories/24252/
- http://secunia.com/advisories/24320/
- http://secunia.com/advisories/24328/
- http://secunia.com/advisories/24293/
- http://secunia.com/advisories/24327/
- http://secunia.com/advisories/24277/
- http://secunia.com/advisories/24343/
- http://secunia.com/advisories/24333/
- http://www.ciac.org/ciac/bulletins/r-164.shtml
- http://secunia.com/advisories/24406/
- http://secunia.com/advisories/24384/
- http://secunia.com/advisories/24410/
- http://secunia.com/advisories/24389/
- http://secunia.com/advisories/24455/
- http://secunia.com/advisories/24456/
- http://secunia.com/advisories/24457/
- http://www.securityfocus.com/bid/22694
- http://secunia.com/advisories/24703/
Credit
This vulnerability was reported in Mozilla Foundation Security Advisory 2007-06. Mozilla credits iDefense with reporting this issue.
This document was written by Chris Taschner.
Other Information
- CVE IDs: CVE-2007-0009
- Date Public: 23 Feb 2007
- Date First Published: 07 Mar 2007
- Date Last Updated: 05 Apr 2007
- Severity Metric: 12.72
- Document Revision: 57