10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.107 Low
EPSS
Percentile
94.2%
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the
original reporters.
All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, applications using NSS must be restarted for this update to take
effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | x86_64 | nss | < 3.12.10-7.el4 | nss-3.12.10-7.el4.x86_64.rpm |
RedHat | 4 | i386 | nss-tools | < 3.12.10-7.el4 | nss-tools-3.12.10-7.el4.i386.rpm |
RedHat | 4 | i386 | nss-devel | < 3.12.10-7.el4 | nss-devel-3.12.10-7.el4.i386.rpm |
RedHat | 4 | i386 | nss | < 3.12.10-7.el4 | nss-3.12.10-7.el4.i386.rpm |
RedHat | 4 | ia64 | nss-tools | < 3.12.10-7.el4 | nss-tools-3.12.10-7.el4.ia64.rpm |
RedHat | 4 | ia64 | nss-devel | < 3.12.10-7.el4 | nss-devel-3.12.10-7.el4.ia64.rpm |
RedHat | 4 | src | nss | < 3.12.10-7.el4 | nss-3.12.10-7.el4.src.rpm |
RedHat | 4 | ia64 | nss | < 3.12.10-7.el4 | nss-3.12.10-7.el4.ia64.rpm |
RedHat | 4 | x86_64 | nss-tools | < 3.12.10-7.el4 | nss-tools-3.12.10-7.el4.x86_64.rpm |
RedHat | 4 | x86_64 | nss-devel | < 3.12.10-7.el4 | nss-devel-3.12.10-7.el4.x86_64.rpm |