List: oss-security
Subject: Re: [oss-security] CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-10-25 14:32:56
Message-ID: 57e84e1f-2b6f-4de0-b6b4-6e76a76be525 () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Reed asked me to give this a CVE id.
Please use CVE-2011-3640
Thanks.
--
JB
----- Original Message -----
> Hello Josh, Steve, vendors,
>
> a security flaw was found in the way nss, the Network Security
> Services (NSS) set of libraries, performed their initialization (the
> file path for "pkcs11.txt" configuration file was constructed
> incorrectly). When that configuration file was loaded from remote
> WebDAV or Samba CIFS share, it could lead to arbitrary security module
> load, potentially leading to execution of arbitrary code (execution
> of code from untrusted security module).
>
> Upstream bug report:
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=641052
>
> Other references:
> [2] https://secunia.com/advisories/46557/
> [3] https://bugs.gentoo.org/show_bug.cgi?id=388045
> [4] http://code.google.com/p/chromium/issues/detail?id=97426#c8
> [5] https://bugzilla.redhat.com/show_bug.cgi?id=748379
>
> Could you allocate a CVE id for this? (as it looks there isn't one
> for this deficiency yet)
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>