Lucene search

PRIOn knowledge basePRION:CVE-2007-0008

HistoryFeb 26, 2007 - 8:28 p.m.

Heap overflow

2007-02-2620:28:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.7%

JSON

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the “Master Secret”, which results in a heap-based overflow.

CPENameOperatorVersion
firefoxeq0.1
firefoxeq0.8
firefoxeq1.5.0.6
firefoxeq1.5.0.10
firefoxeq1.5.0.3
firefoxle1.5.0.9
firefoxeq1.5.0.11
firefoxeq1.4.1
firefoxeq1.0.2
firefoxeq1.5

Name	Operator	Version
firefox	eq	0.1
firefox	eq	0.8
firefox	eq	1.5.0.6
firefox	eq	1.5.0.10
firefox	eq	1.5.0.3
firefox	le	1.5.0.9
firefox	eq	1.5.0.11
firefox	eq	1.4.1
firefox	eq	1.0.2
firefox	eq	1.5

Rows per page:

1-10 of 861

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

fedoranews.org/cms/node/2709

fedoranews.org/cms/node/2711

fedoranews.org/cms/node/2713

fedoranews.org/cms/node/2728

fedoranews.org/cms/node/2747

fedoranews.org/cms/node/2749

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

labs.idefense.com/intelligence/vulnerabilities/display.php?id=482

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24205

secunia.com/advisories/24238

secunia.com/advisories/24252

secunia.com/advisories/24253

secunia.com/advisories/24277

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24293

secunia.com/advisories/24320

secunia.com/advisories/24328

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24389

secunia.com/advisories/24395

secunia.com/advisories/24406

secunia.com/advisories/24410

secunia.com/advisories/24455

secunia.com/advisories/24456

secunia.com/advisories/24457

secunia.com/advisories/24522

secunia.com/advisories/24562

secunia.com/advisories/24650

secunia.com/advisories/24703

secunia.com/advisories/25588

secunia.com/advisories/25597

security.gentoo.org/glsa/glsa-200703-18.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1

www.debian.org/security/2007/dsa-1336

www.gentoo.org/security/en/glsa/glsa-200703-22.xml

www.kb.cert.org/vuls/id/377812

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mandriva.com/security/advisories?name=MDKSA-2007:052

www.mozilla.org/security/announce/2007/mfsa2007-06.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.osvdb.org/32105

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/archive/1/461809/100/0/threaded

www.securityfocus.com/bid/22694

www.securityfocus.com/bid/64758

www.securitytracker.com/id?1017696

www.ubuntu.com/usn/usn-428-1

www.ubuntu.com/usn/usn-431-1

www.vupen.com/english/advisories/2007/0718

www.vupen.com/english/advisories/2007/0719

www.vupen.com/english/advisories/2007/1165

www.vupen.com/english/advisories/2007/2141

bugzilla.mozilla.org/show_bug.cgi?id=364319

exchange.xforce.ibmcloud.com/vulnerabilities/32666

issues.rpath.com/browse/RPL-1081

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.969 High

EPSS

Percentile

99.7%

JSON

Related for PRION:CVE-2007-0008