SB2020031706 - Gentoo update for Mozilla Network Security Service

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020031706

SB2020031706 - Gentoo update for Mozilla Network Security Service

Published: March 17, 2020

Security Bulletin ID SB2020031706
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2017-11695)

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to heap-based buffer overflow in alloc_segs() in 'lib/dbm/src/hash.c'. A local attacker supply a specially crafted 'cert8.db' file, cause is to be processed by the NSS 'certutil' application and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) Heap-based buffer overflow (CVE-ID: CVE-2017-11696)

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to heap-based buffer overflow in __hash_open() in 'lib/dbm/src/hash.c'. A local attacker supply a specially crafted 'cert8.db' file, cause is to be processed by the NSS 'certutil' application and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Divide by zero (CVE-ID: CVE-2017-11697)

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to floating point exception in __hash_open() in 'hash.c'. A local attacker supply a specially crafted 'cert8.db' file, cause is to be processed by the NSS 'certutil' application and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Heap-based buffer overflow (CVE-ID: CVE-2017-11698)

The vulnerability allows a local attacker to gain elevated privileges.

The weakness exists due to heap-based buffer overflow in __get_page() in 'lib/dbm/src/h_page.c'. A local attacker supply a specially crafted 'cert8.db' file, cause is to be processed by the NSS 'certutil' application and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) NULL pointer dereference (CVE-ID: CVE-2018-18508)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Mozilla NSS within the  CMS (Cryptographic Message Syntax) API. A remote attacker can perform a denial of service (DoS) attack.


6) Out-of-bounds write (CVE-ID: CVE-2019-11745)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the NSC_EncryptUpdate() function in /lib/softoken/pkcs11c.c, when performing padding operations in Mozilla NSS. A remote attacker can pass specially crafted data to the affected application, trigger out-of-bounds write and execute arbitrary code on the target system.


Remediation

Install update from vendor's website.

References