CVE - CVE-2007-0009

CVE-ID
CVE-2007-0009	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1017696 URL:http://www.securitytracker.com/id?1017696 MISC:102856 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1~~ (Obsolete source) MISC:102945 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1~~ (Obsolete source) MISC:20070202-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc MISC:20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 MISC:20070226 rPSA-2007-0040-1 firefox URL:http://www.securityfocus.com/archive/1/461336/100/0/threaded MISC:20070301-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc MISC:20070303 rPSA-2007-0040-3 firefox thunderbird URL:http://www.securityfocus.com/archive/1/461809/100/0/threaded MISC:24253 URL:http://secunia.com/advisories/24253 MISC:24277 URL:http://secunia.com/advisories/24277 MISC:24287 URL:http://secunia.com/advisories/24287 MISC:24290 URL:http://secunia.com/advisories/24290 MISC:24293 URL:http://secunia.com/advisories/24293 MISC:24333 URL:http://secunia.com/advisories/24333 MISC:24342 URL:http://secunia.com/advisories/24342 MISC:24343 URL:http://secunia.com/advisories/24343 MISC:24384 URL:http://secunia.com/advisories/24384 MISC:24389 URL:http://secunia.com/advisories/24389 MISC:24395 URL:http://secunia.com/advisories/24395 MISC:24406 URL:http://secunia.com/advisories/24406 MISC:24410 URL:http://secunia.com/advisories/24410 MISC:24455 URL:http://secunia.com/advisories/24455 MISC:24456 URL:http://secunia.com/advisories/24456 MISC:24457 URL:http://secunia.com/advisories/24457 MISC:24522 URL:http://secunia.com/advisories/24522 MISC:24562 URL:http://secunia.com/advisories/24562 MISC:24650 URL:http://secunia.com/advisories/24650 MISC:24703 URL:http://secunia.com/advisories/24703 MISC:25588 URL:http://secunia.com/advisories/25588 MISC:25597 URL:http://secunia.com/advisories/25597 MISC:32106 URL:~~http://www.osvdb.org/32106~~ (Obsolete source) MISC:64758 URL:http://www.securityfocus.com/bid/64758 MISC:ADV-2007-0718 URL:~~http://www.vupen.com/english/advisories/2007/0718~~ (Obsolete source) MISC:ADV-2007-0719 URL:~~http://www.vupen.com/english/advisories/2007/0719~~ (Obsolete source) MISC:ADV-2007-1165 URL:~~http://www.vupen.com/english/advisories/2007/1165~~ (Obsolete source) MISC:ADV-2007-2141 URL:~~http://www.vupen.com/english/advisories/2007/2141~~ (Obsolete source) MISC:DSA-1336 URL:http://www.debian.org/security/2007/dsa-1336 MISC:FEDORA-2007-278 URL:http://fedoranews.org/cms/node/2709 MISC:FEDORA-2007-279 URL:http://fedoranews.org/cms/node/2711 MISC:FEDORA-2007-308 URL:http://fedoranews.org/cms/node/2747 MISC:FEDORA-2007-309 URL:http://fedoranews.org/cms/node/2749 MISC:GLSA-200703-18 URL:http://security.gentoo.org/glsa/glsa-200703-18.xml MISC:GLSA-200703-22 URL:http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml MISC:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:MDKSA-2007:050 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:050~~ (Obsolete source) MISC:MDKSA-2007:052 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:052~~ (Obsolete source) MISC:RHSA-2007:0077 URL:http://rhn.redhat.com/errata/RHSA-2007-0077.html MISC:RHSA-2007:0078 URL:http://www.redhat.com/support/errata/RHSA-2007-0078.html MISC:RHSA-2007:0079 URL:http://www.redhat.com/support/errata/RHSA-2007-0079.html MISC:RHSA-2007:0097 URL:http://www.redhat.com/support/errata/RHSA-2007-0097.html MISC:RHSA-2007:0108 URL:http://www.redhat.com/support/errata/RHSA-2007-0108.html MISC:SSA:2007-066-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 MISC:SSA:2007-066-04 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 MISC:SSA:2007-066-05 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 MISC:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MISC:SUSE-SA:2007:019 URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html MISC:SUSE-SA:2007:022 URL:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html MISC:USN-428-1 URL:http://www.ubuntu.com/usn/usn-428-1 MISC:USN-431-1 URL:http://www.ubuntu.com/usn/usn-431-1 MISC:VU#592796 URL:http://www.kb.cert.org/vuls/id/592796 MISC:http://www.mozilla.org/security/announce/2007/mfsa2007-06.html URL:http://www.mozilla.org/security/announce/2007/mfsa2007-06.html MISC:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html URL:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=364323 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=364323 MISC:https://issues.rpath.com/browse/RPL-1081 URL:https://issues.rpath.com/browse/RPL-1081 MISC:https://issues.rpath.com/browse/RPL-1103 URL:https://issues.rpath.com/browse/RPL-1103 MISC:nss-clientmasterkey-bo(32663) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32663 MISC:oval:org.mitre.oval:def:10174 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174
Assigning CNA
Red Hat, Inc.
Date Record Created
20061219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)