Category:   Application (Security)  >   Network Security Services (NSS)
Vendors:   Mozilla.org
(CentOS Issues Fix) Network Security Services (NSS) Null Pointer Dereference in ssl3_GatherData() Lets Remote Users Cause the Target Service to Crash
SecurityTracker Alert ID:  1038598
SecurityTracker URL:  http://securitytracker.com/id/1038598
CVE Reference:   CVE-2017-7502   (Links to External Site)
Date:  May 31 2017
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.24.0 - 3.30.2
Description:   A vulnerability was reported in Network Security Services (NSS). A remote user can cause the target service to crash.

A remote user can send specially crafted (empty) SSLv2 messages to trigger a null pointer dereference in ssl3_GatherData() and cause the target application using Network Security Services (NSS) to crash.

Impact:   A remote user can cause the target application using NSS to crash.
Solution:   CentOS has issued a fix.

Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
May 30 2017 Network Security Services (NSS) Null Pointer Dereference in ssl3_GatherData() Lets Remote Users Cause the Target Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2017:1364 Important CentOS 6 nss Security Update


CentOS Errata and Security Advisory 2017:1364 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-1364.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 

