Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-1490

Опубликовано: 04 фев. 2014
Источник: redhat
CVSS2: 5.1

Описание

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4nssWill not fix
Red Hat Enterprise Linux 7nssNot affected
Red Hat Enterprise Linux 5nssFixedRHSA-2014:124616.09.2014
Red Hat Enterprise Linux 6nsprFixedRHSA-2014:091722.07.2014
Red Hat Enterprise Linux 6nssFixedRHSA-2014:091722.07.2014
Red Hat Enterprise Linux 6nss-utilFixedRHSA-2014:091722.07.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-367->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1060953nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-1490

ubuntu
больше 11 лет назад

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

nvd логотип

CVE-2014-1490

nvd
больше 11 лет назад

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

debian логотип

CVE-2014-1490

debian
больше 11 лет назад

Race condition in libssl in Mozilla Network Security Services (NSS) be ...

github логотип

GHSA-68r6-xqmg-xhxx

github
больше 3 лет назад

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

oracle-oval логотип

ELSA-2014-1246

oracle-oval
почти 11 лет назад

ELSA-2014-1246: nss and nspr security, bug fix, and enhancement update (MODERATE)

5.1 Medium

CVSS2