SecurityTracker.com
Category:   Application (Security)  >   Network Security Services (NSS)
Vendors:   Mozilla.org
(CentOS Issues Fix) Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System
SecurityTracker Alert ID:  1035689
SecurityTracker URL:  http://securitytracker.com/id/1035689
CVE Reference:   CVE-2016-1978
Date:  Apr 26 2016
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Network Security Services (NSS). A remote user may be able to execute arbitrary code on the target system.

When the target system's available memory is low, a remote user can send specially crafted DHE and ECDHE handshake data to trigger a use-after-free memory error and potentially execute arbitrary code on the target system.

Eric Rescorla reported this vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system.
Solution:   CentOS has issued a fix.

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Mar 14 2016 Network Security Services (NSS) SSL DHE/ECDHE Use-After-Free Memory Error May Let Remote Users Execute Arbitrary Code on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0685 Moderate CentOS 7 nss Security Update


CentOS Errata and Security Advisory 2016:0685 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0685.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
acc0e05d8f247791db76ab9b21359abc7908c1ab9ead506964b52955287fe25b  nss-3.21.0-9.el7_2.i686.rpm
33e2a1aa657f809c53449627200616b683de444300a5b2c2a79510e3e5912b00  nss-3.21.0-9.el7_2.x86_64.rpm
bce90a8604496832d35d0cfefa05a552f9f3e1d866d5f6dfb0c1763d5ad34009  nss-devel-3.21.0-9.el7_2.i686.rpm
ab4370a426efcdbf15bc1730f3a077150a597edb103ebbabaceb39d84f0fb96c  nss-devel-3.21.0-9.el7_2.x86_64.rpm
87f7e4956ae9aeff3821b2b28b9f3500b94b0037d9280b10149833b3e4a65902  nss-pkcs11-devel-3.21.0-9.el7_2.i686.rpm
e1ac83844836b6605c439bb5fa70be50163b9154d27ffcb45fc01c183fdc9c29  nss-pkcs11-devel-3.21.0-9.el7_2.x86_64.rpm
2a0881f7703e23a95aa8db53858285793eb30ceb198a7a20fa816c60e472a15d  nss-sysinit-3.21.0-9.el7_2.x86_64.rpm
abb98d8a2a2737ab4031c145c1503cf31bb3b2b54983547e2675b0b08805eaf6  nss-tools-3.21.0-9.el7_2.x86_64.rpm

Source:
7b8295c752cbd420b5ae52a8b4aa8fa9b6979c57f9caa8279c14e3865ce62883  nss-3.21.0-9.el7_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
