(Sun Issues Fix for Java Enterprise System) Mozilla Firefox Integer Underflow in Processing SSLv2 Server Messages Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1017834 |
|
SecurityTracker URL: http://securitytracker.com/id/1017834
|
|
CVE Reference:
CVE-2007-0008, CVE-2007-0009
(Links to External Site)
|
Date: Mar 30 2007
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Mozilla Firefox. A remote user can execute arbitrary code on the target system. Sun Java Enterprise System is affected.
A remote server can send specially crafted SSLv2 server messages to the connected client to trigger an integer underflow in the Network Security Services (NSS) libraries and potentially execute arbitrary code on the target system. The code will run with the privileges of the target user.
A certificate with a public key that is too small to encrypt the "Master Secret" can lead to heap corruption.
NSS versions 3.10 and 3.11.3 are affected ('libnss3.so', 'nss3.dll').
SSLv2 is disabled by default in Firefox 2.
The vendor was notified on December 18, 2006.
regenrecht reported this vulnerability to iDefense.
The original advisories are available at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
Sun Java Enterprise System is affected by this Mozilla NSS vulnerability.
Sun has issued the following fixes for Sun Java Enterprise System:
SPARC Platform
* Sun Java Enterprise System 2003Q4, 2004Q2, 2005Q1 and 2005Q4 for Solaris 8 with patch 119209-12 or later
* Sun Java Enterprise System 2003Q4, 2004Q2, 2005Q1 and 2005Q4 for Solaris 9 with patch 119211-12 or later
* Sun Java Enterprise System 2003Q4, 2004Q2, 2005Q1 and 2005Q4 for Solaris 10 with patch 119213-12 or later
* Sun Java Enterprise System 5 with patch 125358-01 or later
* Solaris 9 with patch 119211-12 or later
* Solaris 10 with patch 119213-12 or later
x86 Platform
* Sun Java Enterprise System 2003Q4, 2004Q2, 2005Q1 and 2005Q4 for Solaris 9 with patch 119212-12 or later
* Sun Java Enterprise System 2003Q4, 2004Q2, 2005Q1 and 2005Q4 for Solaris 10 with patch 119214-12 or later
* Sun Java Enterprise System 5 with patch 125359-01 or later
* Solaris 9 with patch 119212-12 or later
* Solaris 10 with patch 119214-12 or later
Linux Platform
* Sun Java Enterprise System 2004Q2, 2005Q1, 2005Q4 and Sun Java Enterprise System 5 with patch 121656-12 or later
HP-UX Platform
* Sun Java Enterprise System 2005Q1, 2005Q4 and Sun Java Enterprise System 5 with patch 124379-03 or later
Windows Platform
* Sun Java Enterprise System 2005Q1, 2005Q4 and Sun Java Enterprise System 5 with patch 125923-01 or later
The Sun advisory is available at
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 30 Mar 2007 06:21:28 -0500
Subject: Security Vulnerabilities in the Network Security Services (NSS) May Affect SSL Clients and SSL Servers
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
CVE-2007-0008
CVE-2007-0009
|
|
