CVE - CVE-2007-0009

CVE-ID
CVE-2007-0009	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070226 rPSA-2007-0040-1 firefox URL:http://www.securityfocus.com/archive/1/461336/100/0/threaded BUGTRAQ:20070303 rPSA-2007-0040-3 firefox thunderbird URL:http://www.securityfocus.com/archive/1/461809/100/0/threaded CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-06.html IDEFENSE:20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=364323 CONFIRM:https://issues.rpath.com/browse/RPL-1081 CONFIRM:https://issues.rpath.com/browse/RPL-1103 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html DEBIAN:DSA-1336 URL:http://www.debian.org/security/2007/dsa-1336 FEDORA:FEDORA-2007-278 URL:http://fedoranews.org/cms/node/2709 FEDORA:FEDORA-2007-279 URL:http://fedoranews.org/cms/node/2711 FEDORA:FEDORA-2007-308 URL:http://fedoranews.org/cms/node/2747 FEDORA:FEDORA-2007-309 URL:http://fedoranews.org/cms/node/2749 GENTOO:GLSA-200703-18 URL:http://security.gentoo.org/glsa/glsa-200703-18.xml GENTOO:GLSA-200703-22 URL:http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml HP:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HP:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MANDRIVA:MDKSA-2007:050 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 MANDRIVA:MDKSA-2007:052 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 REDHAT:RHSA-2007:0079 URL:http://www.redhat.com/support/errata/RHSA-2007-0079.html REDHAT:RHSA-2007:0077 URL:http://rhn.redhat.com/errata/RHSA-2007-0077.html REDHAT:RHSA-2007:0078 URL:http://www.redhat.com/support/errata/RHSA-2007-0078.html REDHAT:RHSA-2007:0097 URL:http://www.redhat.com/support/errata/RHSA-2007-0097.html REDHAT:RHSA-2007:0108 URL:http://www.redhat.com/support/errata/RHSA-2007-0108.html SGI:20070301-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc SGI:20070202-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc SLACKWARE:SSA:2007-066-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 SLACKWARE:SSA:2007-066-04 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 SLACKWARE:SSA:2007-066-05 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 SUNALERT:102856 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1 SUNALERT:102945 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1 SUSE:SUSE-SA:2007:019 URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html SUSE:SUSE-SA:2007:022 URL:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html UBUNTU:USN-428-1 URL:http://www.ubuntu.com/usn/usn-428-1 UBUNTU:USN-431-1 URL:http://www.ubuntu.com/usn/usn-431-1 CERT-VN:VU#592796 URL:http://www.kb.cert.org/vuls/id/592796 BID:64758 URL:http://www.securityfocus.com/bid/64758 OVAL:oval:org.mitre.oval:def:10174 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174 VUPEN:ADV-2007-0719 URL:http://www.vupen.com/english/advisories/2007/0719 VUPEN:ADV-2007-0718 URL:http://www.vupen.com/english/advisories/2007/0718 VUPEN:ADV-2007-1165 URL:http://www.vupen.com/english/advisories/2007/1165 VUPEN:ADV-2007-2141 URL:http://www.vupen.com/english/advisories/2007/2141 OSVDB:32106 URL:http://www.osvdb.org/32106 SECTRACK:1017696 URL:http://www.securitytracker.com/id?1017696 SECUNIA:24253 URL:http://secunia.com/advisories/24253 SECUNIA:24277 URL:http://secunia.com/advisories/24277 SECUNIA:24287 URL:http://secunia.com/advisories/24287 SECUNIA:24290 URL:http://secunia.com/advisories/24290 SECUNIA:24333 URL:http://secunia.com/advisories/24333 SECUNIA:24343 URL:http://secunia.com/advisories/24343 SECUNIA:24293 URL:http://secunia.com/advisories/24293 SECUNIA:24395 URL:http://secunia.com/advisories/24395 SECUNIA:24384 URL:http://secunia.com/advisories/24384 SECUNIA:24389 URL:http://secunia.com/advisories/24389 SECUNIA:24410 URL:http://secunia.com/advisories/24410 SECUNIA:24522 URL:http://secunia.com/advisories/24522 SECUNIA:24562 URL:http://secunia.com/advisories/24562 SECUNIA:24703 URL:http://secunia.com/advisories/24703 SECUNIA:24650 URL:http://secunia.com/advisories/24650 SECUNIA:25597 URL:http://secunia.com/advisories/25597 SECUNIA:24406 URL:http://secunia.com/advisories/24406 SECUNIA:24455 URL:http://secunia.com/advisories/24455 SECUNIA:24456 URL:http://secunia.com/advisories/24456 SECUNIA:24457 URL:http://secunia.com/advisories/24457 SECUNIA:24342 URL:http://secunia.com/advisories/24342 SECUNIA:25588 URL:http://secunia.com/advisories/25588 XF:nss-clientmasterkey-bo(32663) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
Assigning CNA
N/A
Date Entry Created
20061219	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org