CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html	Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483	Broken Link
https://bugzilla.mozilla.org/show_bug.cgi?id=364323	Issue Tracking Vendor Advisory
https://issues.rpath.com/browse/RPL-1081	Broken Link
https://issues.rpath.com/browse/RPL-1103	Broken Link
http://fedoranews.org/cms/node/2709	Broken Link
http://fedoranews.org/cms/node/2711	Broken Link
http://security.gentoo.org/glsa/glsa-200703-18.xml	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0079.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2007-0077.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0078.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0097.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0108.html	Third Party Advisory
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html	Broken Link
http://www.ubuntu.com/usn/usn-428-1	Third Party Advisory
http://www.ubuntu.com/usn/usn-431-1	Third Party Advisory
http://www.kb.cert.org/vuls/id/592796	Third Party Advisory US Government Resource
http://www.osvdb.org/32106	Broken Link
http://www.securitytracker.com/id?1017696	Third Party Advisory VDB Entry
http://secunia.com/advisories/24253	Third Party Advisory
http://secunia.com/advisories/24277	Third Party Advisory
http://secunia.com/advisories/24287	Third Party Advisory
http://secunia.com/advisories/24290	Third Party Advisory
http://secunia.com/advisories/24333	Third Party Advisory
http://secunia.com/advisories/24343	Third Party Advisory
http://secunia.com/advisories/24293	Third Party Advisory
http://secunia.com/advisories/24395	Third Party Advisory
http://secunia.com/advisories/24384	Third Party Advisory
http://secunia.com/advisories/24389	Third Party Advisory
http://secunia.com/advisories/24410	Third Party Advisory
http://secunia.com/advisories/24522	Third Party Advisory
http://secunia.com/advisories/24562	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1	Broken Link
http://secunia.com/advisories/24703	Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc	Broken Link
http://secunia.com/advisories/24650	Third Party Advisory
http://www.debian.org/security/2007/dsa-1336	Third Party Advisory
http://fedoranews.org/cms/node/2747	Broken Link
http://fedoranews.org/cms/node/2749	Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050	Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc	Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851	Mailing List Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947	Mailing List Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131	Mailing List Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1	Broken Link
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html	Broken Link
http://secunia.com/advisories/25597	Third Party Advisory
http://secunia.com/advisories/24406	Third Party Advisory
http://secunia.com/advisories/24455	Third Party Advisory
http://secunia.com/advisories/24456	Third Party Advisory
http://secunia.com/advisories/24457	Third Party Advisory
http://secunia.com/advisories/24342	Third Party Advisory
http://secunia.com/advisories/25588	Third Party Advisory
http://www.vupen.com/english/advisories/2007/2141	Third Party Advisory
http://www.vupen.com/english/advisories/2007/0718	Third Party Advisory
http://www.vupen.com/english/advisories/2007/0719	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1165	Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	Broken Link
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	Third Party Advisory
http://www.securityfocus.com/bid/64758	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174	Third Party Advisory
http://www.securityfocus.com/archive/1/461809/100/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/461336/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:network_security_services::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:firefox::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:4.0:::::::*
	cpe:2.3:o:debian:debian_linux:3.1:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::

Information

Published : 2007-02-26 12:28

Updated : 2019-10-09 15:51

NVD link : CVE-2007-0009

Mitre link : CVE-2007-0009

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

mozilla

thunderbird
firefox
network_security_services
seamonkey

canonical

ubuntu_linux

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html", "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483", "name": "20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability", "tags": ["Broken Link"], "refsource": "IDEFENSE"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://issues.rpath.com/browse/RPL-1081", "name": "https://issues.rpath.com/browse/RPL-1081", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "https://issues.rpath.com/browse/RPL-1103", "name": "https://issues.rpath.com/browse/RPL-1103", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://fedoranews.org/cms/node/2709", "name": "FEDORA-2007-278", "tags": ["Broken Link"], "refsource": "FEDORA"}, {"url": "http://fedoranews.org/cms/node/2711", "name": "FEDORA-2007-279", "tags": ["Broken Link"], "refsource": "FEDORA"}, {"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml", "name": "GLSA-200703-18", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml", "name": "GLSA-200703-22", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052", "name": "MDKSA-2007:052", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html", "name": "RHSA-2007:0079", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html", "name": "RHSA-2007:0077", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html", "name": "RHSA-2007:0078", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html", "name": "RHSA-2007:0097", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html", "name": "RHSA-2007:0108", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html", "name": "SUSE-SA:2007:019", "tags": ["Broken Link"], "refsource": "SUSE"}, {"url": "http://www.ubuntu.com/usn/usn-428-1", "name": "USN-428-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/usn-431-1", "name": "USN-431-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.kb.cert.org/vuls/id/592796", "name": "VU#592796", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.osvdb.org/32106", "name": "32106", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://www.securitytracker.com/id?1017696", "name": "1017696", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/24253", "name": "24253", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24277", "name": "24277", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24287", "name": "24287", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24290", "name": "24290", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24333", "name": "24333", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24343", "name": "24343", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24293", "name": "24293", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24395", "name": "24395", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24384", "name": "24384", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24389", "name": "24389", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24410", "name": "24410", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24522", "name": "24522", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24562", "name": "24562", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1", "name": "102856", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/24703", "name": "24703", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc", "name": "20070301-01-P", "tags": ["Broken Link"], "refsource": "SGI"}, {"url": "http://secunia.com/advisories/24650", "name": "24650", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2007/dsa-1336", "name": "DSA-1336", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://fedoranews.org/cms/node/2747", "name": "FEDORA-2007-308", "tags": ["Broken Link"], "refsource": "FEDORA"}, {"url": "http://fedoranews.org/cms/node/2749", "name": "FEDORA-2007-309", "tags": ["Broken Link"], "refsource": "FEDORA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050", "name": "MDKSA-2007:050", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc", "name": "20070202-01-P", "tags": ["Broken Link"], "refsource": "SGI"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851", "name": "SSA:2007-066-03", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947", "name": "SSA:2007-066-04", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131", "name": "SSA:2007-066-05", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1", "name": "102945", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html", "name": "SUSE-SA:2007:022", "tags": ["Broken Link"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/25597", "name": "25597", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24406", "name": "24406", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24455", "name": "24455", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24456", "name": "24456", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24457", "name": "24457", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24342", "name": "24342", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/25588", "name": "25588", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/2141", "name": "ADV-2007-2141", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/0718", "name": "ADV-2007-0718", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/0719", "name": "ADV-2007-0719", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/1165", "name": "ADV-2007-1165", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", "name": "HPSBUX02153", "tags": ["Broken Link"], "refsource": "HP"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/64758", "name": "64758", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663", "name": "nss-clientmasterkey-bo(32663)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174", "name": "oval:org.mitre.oval:def:10174", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded", "name": "20070303 rPSA-2007-0040-3 firefox thunderbird", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded", "name": "20070226 rPSA-2007-0040-1 firefox", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0009", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-02-26T20:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.5.0.10", "versionStartIncluding": "1.5"}, {"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.11.5"}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.8"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.5.0.10"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.0.2", "versionStartIncluding": "2.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T22:51Z"}

6.8 /10