CVE-2007-0008 Information

Feb 14, 2021 cve

Description

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5 as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2 SeaMonkey before 1.0.8 Thunderbird before 1.5.0.10 and certain Sun Java System server products before 20070611 allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the \Master Secret\ which results in a heap-based overflow.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2709 http://fedoranews.org/cms/node/2711 http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errata/RHSA-2007-0077.html http://secunia.com/advisories/24205 http://secunia.com/advisories/24238 http://secunia.com/advisories/24252 http://secunia.com/advisories/24253 http://secunia.com/advisories/24277 http://secunia.com/advisories/24287 http://secunia.com/advisories/24290 http://secunia.com/advisories/24293 http://secunia.com/advisories/24320 http://secunia.com/advisories/24328 http://secunia.com/advisories/24333 http://secunia.com/advisories/24342 http://secunia.com/advisories/24343 http://secunia.com/advisories/24384 http://secunia.com/advisories/24389 http://secunia.com/advisories/24395 http://secunia.com/advisories/24406 http://secunia.com/advisories/24410 http://secunia.com/advisories/24455 http://secunia.com/advisories/24456 http://secunia.com/advisories/24457 http://secunia.com/advisories/24522 http://secunia.com/advisories/24562 http://secunia.com/advisories/24650 http://secunia.com/advisories/24703 http://secunia.com/advisories/25588 http://secunia.com/advisories/25597 http://security.gentoo.org/glsa/glsa-200703-18.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1 http://www.debian.org/security/2007/dsa-1336 http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml http://www.kb.cert.org/vuls/id/377812 http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 http://www.mozilla.org/security/announce/2007/mfsa2007-06.html http://www.novell.com/linux/security/advisories/2007_22_mozilla.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.osvdb.org/32105 http://www.redhat.com/support/errata/RHSA-2007-0078.html http://www.redhat.com/support/errata/RHSA-2007-0079.html http://www.redhat.com/support/errata/RHSA-2007-0097.html http://www.redhat.com/support/errata/RHSA-2007-0108.html http://www.securityfocus.com/archive/1/461336/100/0/threaded http://www.securityfocus.com/archive/1/461809/100/0/threaded http://www.securityfocus.com/bid/22694 http://www.securityfocus.com/bid/64758 http://www.securitytracker.com/id?1017696 http://www.ubuntu.com/usn/usn-428-1 http://www.ubuntu.com/usn/usn-431-1 http://www.vupen.com/english/advisories/2007/0718 http://www.vupen.com/english/advisories/2007/0719 http://www.vupen.com/english/advisories/2007/1165 http://www.vupen.com/english/advisories/2007/2141 https://bugzilla.mozilla.org/show_bug.cgi?id=364319 https://exchange.xforce.ibmcloud.com/vulnerabilities/32666 https://issues.rpath.com/browse/RPL-1081 https://issues.rpath.com/browse/RPL-1103 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10502

Share on: