Lucene search

RedhatCVE-2007-0009

HistoryFeb 26, 2007 - 8:28 p.m.

CVE-2007-0009

2007-02-2620:28:00

CWE-119

redhat

web.nvd.nist.gov

cve-2007-0009

sslv2

buffer overflow

mozilla nss

nvd

remote code execution

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.965

Percentile

99.6%

JSON

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid “Client Master Key” length values.

Affected configurations

Nvd

Node

mozillafirefoxRange1.5–1.5.0.10

mozillafirefoxRange2.0–2.0.0.2

mozillanetwork_security_servicesRange<3.11.5

mozillaseamonkeyRange<1.0.8

mozillathunderbirdRange<1.5.0.10

Node

debiandebian_linuxMatch3.1

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch5.10

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch6.10

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillanetwork_security_services*cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
canonicalubuntu_linux5.10cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux6.10cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	network_security_services	*	cpe:2.3:a:mozilla:network_security_services::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::
mozilla	thunderbird	*	cpe:2.3:a:mozilla:thunderbird::::::::
debian	debian_linux	3.1	cpe:2.3:o:debian:debian_linux:3.1:::::::*
debian	debian_linux	4.0	cpe:2.3:o:debian:debian_linux:4.0:::::::*
canonical	ubuntu_linux	5.10	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
canonical	ubuntu_linux	6.10	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

References

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc

fedoranews.org/cms/node/2709

fedoranews.org/cms/node/2711

fedoranews.org/cms/node/2747

fedoranews.org/cms/node/2749

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

labs.idefense.com/intelligence/vulnerabilities/display.php?id=483

lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

rhn.redhat.com/errata/RHSA-2007-0077.html

secunia.com/advisories/24253

secunia.com/advisories/24277

secunia.com/advisories/24287

secunia.com/advisories/24290

secunia.com/advisories/24293

secunia.com/advisories/24333

secunia.com/advisories/24342

secunia.com/advisories/24343

secunia.com/advisories/24384

secunia.com/advisories/24389

secunia.com/advisories/24395

secunia.com/advisories/24406

secunia.com/advisories/24410

secunia.com/advisories/24455

secunia.com/advisories/24456

secunia.com/advisories/24457

secunia.com/advisories/24522

secunia.com/advisories/24562

secunia.com/advisories/24650

secunia.com/advisories/24703

secunia.com/advisories/25588

secunia.com/advisories/25597

security.gentoo.org/glsa/glsa-200703-18.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851

sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1

sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1

www.debian.org/security/2007/dsa-1336

www.gentoo.org/security/en/glsa/glsa-200703-22.xml

www.kb.cert.org/vuls/id/592796

www.mandriva.com/security/advisories?name=MDKSA-2007:050

www.mandriva.com/security/advisories?name=MDKSA-2007:052

www.mozilla.org/security/announce/2007/mfsa2007-06.html

www.novell.com/linux/security/advisories/2007_22_mozilla.html

www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

www.osvdb.org/32106

www.redhat.com/support/errata/RHSA-2007-0078.html

www.redhat.com/support/errata/RHSA-2007-0079.html

www.redhat.com/support/errata/RHSA-2007-0097.html

www.redhat.com/support/errata/RHSA-2007-0108.html

www.securityfocus.com/archive/1/461336/100/0/threaded

www.securityfocus.com/archive/1/461809/100/0/threaded

www.securityfocus.com/bid/64758

www.securitytracker.com/id?1017696

www.ubuntu.com/usn/usn-428-1

www.ubuntu.com/usn/usn-431-1

www.vupen.com/english/advisories/2007/0718

www.vupen.com/english/advisories/2007/0719

www.vupen.com/english/advisories/2007/1165

www.vupen.com/english/advisories/2007/2141

bugzilla.mozilla.org/show_bug.cgi?id=364323

exchange.xforce.ibmcloud.com/vulnerabilities/32663

issues.rpath.com/browse/RPL-1081

issues.rpath.com/browse/RPL-1103

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.965

Percentile

99.6%

JSON

Related for CVE-2007-0009