A vulnerability in the way Mozilla Network Security Services (NSS) handles the client master key may lead to execution of arbitrary code.
The SSLv2 protocol uses a client master key to generate all subsequent session keys. The validity of the client master key is determined during phase one of the SSL handshake. The Mozilla NSS library contains a vulnerability in the way client master keys with invalid length values are handled, which may result in a buffer overflow. According to the Mozilla Foundation Security Advisory (MFSA) 2007-06:
Servers that use NSS for the SSLv2 protocol can be exploited by a client that presents a "Client Master Key" with invalid length values in any of several fields that are used without adequate error checking. This can lead to a buffer overflow that presumably could be exploitable.
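As an added illustration (not NSS code and not part of the advisory), the following parser for an SSLv2 CLIENT-MASTER-KEY message performs the length checks whose absence the advisory describes: every length field is validated against both the record length and the destination buffer before anything is copied. The message layout follows the SSLv2 specification; the buffer capacities, the struct name and the two sample messages are constructed for this example.

```c
#include <stdint.h>
#include <string.h>

/* Destination capacities: constructed for this example, not NSS's real limits. */
#define MAX_CLEAR_KEY 32
#define MAX_ENC_KEY   256
#define MAX_KEY_ARG   8
#define CMK_HEADER    10   /* type(1) + cipher-kind(3) + three 2-byte length fields */

typedef struct {
    uint8_t  cipher_kind[3];
    uint16_t clear_len, enc_len, arg_len;
    uint8_t  clear_key[MAX_CLEAR_KEY], enc_key[MAX_ENC_KEY], key_arg[MAX_KEY_ARG];
} client_master_key_t;
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 on any inconsistency. Each length field is checked against both
 * the record length and its buffer before a byte is copied, so no length can overrun memcpy. */
int parse_client_master_key(const uint8_t *msg, size_t msg_len, client_master_key_t *out)
{
    if (msg == NULL || out == NULL || msg_len < CMK_HEADER || msg[0] != 0x02)
        return -1;                                   /* truncated or not a CLIENT-MASTER-KEY */
    uint16_t clear_len = rd16(msg + 4), enc_len = rd16(msg + 6), arg_len = rd16(msg + 8);
    if (clear_len > MAX_CLEAR_KEY || enc_len > MAX_ENC_KEY || arg_len > MAX_KEY_ARG)
        return -1;                                   /* a field would overflow its buffer */
    if ((size_t)clear_len + enc_len + arg_len != msg_len - CMK_HEADER)
        return -1;                                   /* lengths disagree with the record */
    const uint8_t *p = msg + CMK_HEADER;
    memcpy(out->cipher_kind, msg + 1, 3);
    out->clear_len = clear_len; out->enc_len = enc_len; out->arg_len = arg_len;
    memcpy(out->clear_key, p, clear_len); p += clear_len;
    memcpy(out->enc_key, p, enc_len);     p += enc_len;
    memcpy(out->key_arg, p, arg_len);
    return 0;
}

/* Constructed sample messages (not captured traffic): a well-formed one, and one whose
 * clear-key length claims 0x1000 bytes, far beyond both the record and the buffer. */
static const uint8_t GOOD_MSG[] = { 0x02, 0x01,0x00,0x80, 0x00,0x04, 0x00,0x02, 0x00,0x00,
                                    0xAA,0xBB,0xCC,0xDD, 0x11,0x22 };
static const uint8_t BAD_MSG[]  = { 0x02, 0x01,0x00,0x80, 0x10,0x00, 0x00,0x02, 0x00,0x00,
                                    0xAA,0xBB,0xCC,0xDD, 0x11,0x22 };
static client_master_key_t scratch;
/* Returns 0 when GOOD_MSG parses with the expected fields and BAD_MSG is rejected. */
int self_check(void)
{
    if (parse_client_master_key(GOOD_MSG, sizeof GOOD_MSG, &scratch) != 0) return 1;
    if (scratch.clear_len != 4 || scratch.clear_key[3] != 0xDD || scratch.enc_key[1] != 0x22) return 2;
    if (parse_client_master_key(BAD_MSG, sizeof BAD_MSG, &scratch) != -1) return 3;
    return 0;
}
```

The order of the checks matters: the capacity test runs before the record-consistency test, so an attacker-controlled length is never used in arithmetic or as a copy size until both bounds have been confirmed.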
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user who is running the vulnerable application or cause a denial of service.
This vulnerability was reported in Mozilla Foundation Security Advisory 2007-06. Mozilla credits iDefense with reporting this issue.
This document was written by Chris Taschner.
Date First Published: 2007-03-07
Date Last Updated: 2007-04-05 18:59 UTC