rhsa-2017_1101
Vulnerability from csaf_redhat
Published
2017-04-20 02:17
Modified
2024-11-22 11:05
Summary
Red Hat Security Advisory: nss security update

Notes

Topic
An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.\n\nSecurity Fix(es):\n\n* An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:1101",
        "url": "https://access.redhat.com/errata/RHSA-2017:1101"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "1440080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1440080"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_1101.json"
      }
    ],
    "title": "Red Hat Security Advisory: nss security update",
    "tracking": {
      "current_release_date": "2024-11-22T11:05:33+00:00",
      "generator": {
        "date": "2024-11-22T11:05:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2017:1101",
      "initial_release_date": "2017-04-20T02:17:09+00:00",
      "revision_history": [
        {
          "date": "2017-04-20T02:17:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-04-20T02:17:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T11:05:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server (v. 5 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server (v. 5 ELS)",
                  "product_id": "5Server-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:rhel_els:5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-tools-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-tools-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-tools-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-tools@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-tools-0:3.21.4-1.el5_11.i386",
                "product": {
                  "name": "nss-tools-0:3.21.4-1.el5_11.i386",
                  "product_id": "nss-tools-0:3.21.4-1.el5_11.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-tools@3.21.4-1.el5_11?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-tools-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-tools-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-tools-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-tools@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-devel-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-devel-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-devel-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-devel@3.21.4-1.el5_11?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-debuginfo@3.21.4-1.el5_11?arch=s390"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
                "product": {
                  "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
                  "product_id": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss-pkcs11-devel@3.21.4-1.el5_11?arch=s390"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nss-0:3.21.4-1.el5_11.src",
                "product": {
                  "name": "nss-0:3.21.4-1.el5_11.src",
                  "product_id": "nss-0:3.21.4-1.el5_11.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nss@3.21.4-1.el5_11?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.src as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.src"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.src",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-devel-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-devel-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-tools-0:3.21.4-1.el5_11.i386 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386"
        },
        "product_reference": "nss-tools-0:3.21.4-1.el5_11.i386",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-tools-0:3.21.4-1.el5_11.s390x as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x"
        },
        "product_reference": "nss-tools-0:3.21.4-1.el5_11.s390x",
        "relates_to_product_reference": "5Server-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nss-tools-0:3.21.4-1.el5_11.x86_64 as a component of Red Hat Enterprise Linux Server (v. 5 ELS)",
          "product_id": "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
        },
        "product_reference": "nss-tools-0:3.21.4-1.el5_11.x86_64",
        "relates_to_product_reference": "5Server-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "the Mozilla project"
          ]
        },
        {
          "names": [
            "Ronald Crane"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2017-5461",
      "discovery_date": "2017-04-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1440080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The security flaw exists in NSS library Base64 encoder/decoder code. Any application which uses NSS library to parse base64 encoded data could possibly be affected by the flaw. For example:\n\n1. Servers compiled against NSS which parse untrusted certificates or any other base64 encoded data from its users.\n\n2. Utilities like curl etc which use NSS to parse user provided base64 encoded certificates.\n\n3. Applications like Firefox which use NSS to parse client-certificates before passing them to the web server.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-ELS:nss-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.src",
          "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
          "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386",
          "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x",
          "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#1440080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1440080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5461"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461",
          "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
        }
      ],
      "release_date": "2017-04-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2017-04-20T02:17:09+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.",
          "product_ids": [
            "5Server-ELS:nss-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.src",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:1101"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "5Server-ELS:nss-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.src",
            "5Server-ELS:nss-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-debuginfo-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-pkcs11-devel-0:3.21.4-1.el5_11.x86_64",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.i386",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.s390x",
            "5Server-ELS:nss-tools-0:3.21.4-1.el5_11.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.