FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0008

This CVE name corresponds to:

Entered Topic
2007-02-24 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-0008 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-0008
Phase Assigned(20061219)

Description

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

References

Source Reference
BUGTRAQ 20070226 rPSA-2007-0040-1 firefox
BUGTRAQ 20070303 rPSA-2007-0040-3 firefox thunderbird
CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
IDEFENSE 20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=364319
CONFIRM https://issues.rpath.com/browse/RPL-1081
CONFIRM https://issues.rpath.com/browse/RPL-1103
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
DEBIAN DSA-1336
FEDORA FEDORA-2007-278
FEDORA FEDORA-2007-279
FEDORA FEDORA-2007-281
FEDORA FEDORA-2007-293
FEDORA FEDORA-2007-308
FEDORA FEDORA-2007-309
GENTOO GLSA-200703-18
GENTOO GLSA-200703-22
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2007:050
MANDRIVA MDKSA-2007:052
REDHAT RHSA-2007:0079
REDHAT RHSA-2007:0077
REDHAT RHSA-2007:0078
REDHAT RHSA-2007:0097
REDHAT RHSA-2007:0108
SGI 20070301-01-P
SGI 20070202-01-P
SLACKWARE SSA:2007-066-03
SLACKWARE SSA:2007-066-04
SLACKWARE SSA:2007-066-05
SUNALERT 102856
SUNALERT 102945
SUSE SUSE-SA:2007:019
SUSE SUSE-SA:2007:022
UBUNTU USN-428-1
UBUNTU USN-431-1
CERT-VN VU#377812
BID 22694
BID 64758
OVAL oval:org.mitre.oval:def:10502
VUPEN ADV-2007-0719
VUPEN ADV-2007-0718
VUPEN ADV-2007-1165
VUPEN ADV-2007-2141
OSVDB 32105
SECTRACK 1017696
SECUNIA 24238
SECUNIA 24252
SECUNIA 24253
SECUNIA 24277
SECUNIA 24287
SECUNIA 24290
SECUNIA 24205
SECUNIA 24328
SECUNIA 24333
SECUNIA 24343
SECUNIA 24320
SECUNIA 24293
SECUNIA 24395
SECUNIA 24384
SECUNIA 24389
SECUNIA 24410
SECUNIA 24522
SECUNIA 24562
SECUNIA 24703
SECUNIA 24650
SECUNIA 25597
SECUNIA 24406
SECUNIA 24455
SECUNIA 24456
SECUNIA 24457
SECUNIA 24342
SECUNIA 25588
XF nss-mastersecret-bo(32666)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.