Web application abuses : Multiple Products NSS Library Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800920
Categoría:	Web application abuses
Título:	Multiple Products NSS Library Buffer Overflow Vulnerability
Resumen:	Firefox or Thunderbird or SeaMonkey or Evolution or Pidgin or AOL Instant Messenger Product(s) is prone to a buffer overflow vulnerability.
Descripción:	Summary: Firefox or Thunderbird or SeaMonkey or Evolution or Pidgin or AOL Instant Messenger Product(s) is prone to a buffer overflow vulnerability. Vulnerability Insight: A flaw exists in the regular expression parser used in the NSS library to match common names in certificates and may result in a heap based buffer overflow. It can be exploited via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code in the context of the affected application and may lead to denial of service. Affected Software/OS: Firefox/Thunderbird/SeaMonkey/Evolution/Pidgin/AOL Instant Messenger containing NSS library before 3.12.3. Solution: Upgrade to NSS library 3.12.3 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2404 1021030 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 1021699 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 273910 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 35891 http://www.securityfocus.com/bid/35891 36088 http://secunia.com/advisories/36088 36102 http://secunia.com/advisories/36102 36125 http://secunia.com/advisories/36125 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 37098 http://secunia.com/advisories/37098 39428 http://secunia.com/advisories/39428 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 DSA-1874 http://www.debian.org/security/2009/dsa-1874 MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 RHSA-2009:1185 http://rhn.redhat.com/errata/RHSA-2009-1185.html RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html SUSE-SA:2009:048 http://www.novell.com/linux/security/advisories/2009_48_firefox.html TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf http://www.mozilla.org/security/announce/2009/mfsa2009-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html https://bugzilla.redhat.com/show_bug.cgi?id=512912 oval:org.mitre.oval:def:11174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174 oval:org.mitre.oval:def:8658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658
Copyright	Copyright (C) 2009 Greenbone AG