ID

VAR-200907-0748

CVE

CVE-2009-2408

TITLE

Mozilla NSS Null character CA SSL Certificate Verification Bypass Security Restriction Vulnerability

DESCRIPTION

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. The NSS library is used by a number of applications, including Mozilla Firefox, Thunderbird, and SeaMonkey. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. NOTE (August 6, 2009): This BID had included a similar issue in Fetchmail, but that issue is now documented in BID 35951 (Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability). Mozilla Network Security Services (NSS) is a function library (network security service library) of the Mozilla Foundation in the United States. The product provides cross-platform support for SSL, S/MIME and other Internet security standards. There is a mismatch between the NSS library's handling of the domain name in the SSL certificate between the SSL client and the CA that issued the server certificate. If a malicious user requests a certificate from a hostname with an invalid null character, most CAs will issue a certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name, Using a null character before the portion of validation allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest version of Thunderbird which are not vulnerable to these issues. Update: The mozilla-thunderbird-moztraybiff packages had the wrong release which prevented it to be upgraded (#53129). The new packages addresses this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html https://bugs.gentoo.org/show_bug.cgi?id=280615 https://qa.mandriva.com/53129 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: e1c540f94c8b66fa4495de6015ed85db 2009.1/i586/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.i586.rpm ab2fa7586f21de2f23216def8c542db6 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: b9ff59f0c11d63a1234365ea55ed5f46 2009.1/x86_64/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.x86_64.rpm ab2fa7586f21de2f23216def8c542db6 2009.1/SRPMS/mozilla-thunderbird-moztraybiff-1.2.4-4.1mdv2009.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKzcjqmqjQ0CJFipgRArPoAKDTymDqJYIxV5BbT+2AwZppDwJIpACeJ4ht VW9XZMiWqP+lDv+zVbOlvnY= =ruxq -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-810-1 August 04, 2009 nss vulnerabilities CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnss3-1d 3.12.3.1-0ubuntu0.8.04.1 Ubuntu 8.10: libnss3-1d 3.12.3.1-0ubuntu0.8.10.1 Ubuntu 9.04: libnss3-1d 3.12.3.1-0ubuntu0.9.04.1 After a standard system upgrade you need to restart an applications that use NSS, such as Firefox, to effect the necessary changes. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz Size/MD5: 37286 f4041d128d758f5506197b1cf0f1214f http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc Size/MD5: 2012 401475ce9f7efa228d7b61671aa69c11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 18232 49a5581a19be7771ecdc65fb943e86d7 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3166090 074734f6e0fd51257999bdc0e38010f3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 257780 f6d735c7c95478fe2992178e0d7781d4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 312528 05d78cad52b8c5464350c9b191528e0e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 18200 2c088a165372b431416a5b6d9f54b80b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 3012554 50978f6f10b9f4c3918822d864d41aed http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 254880 c2151ff8a86f4119fcefa1f6c9ee7add http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 295096 f6fde2292ca35df9e6cac822d158e512 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 18190 cbc624cedbae82a39d3c47aaa8ffee38 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3041822 533fda14ea785417cababc58419a8fec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1016224 1ed477ec2ffe3ac642cb7c29413842ab http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 253574 b9756509dcdeea8433a0f6bbe2dc27b7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 292466 55f2cf8c33f19f17cae613aca3ce71c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 20678 a26907dda711e1d13e8d597bee4689e0 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3125800 102117180150342cecff38e653963f66 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1143852 f96cab41f4bf24cf4fa4686b3a963464 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 256600 e19a891112bea8df4f27fe569da9c951 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 324934 9aaac74bc3f6ec7f990f78d556c5ec09 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 18292 7e17d87ea08f93759ed7784705d82453 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 2834720 02b6284e651dcf2e6556378dcb730689 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 1019944 ee1829f9195609b3912994fc76788243 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 251578 09583a51b0814b53959af6d79a1b4f8c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 299484 0d12ed86aae10c56300bd7cefb2884ef Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz Size/MD5: 32769 d4e1fb5ca38687ad1e7532c457febc11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc Size/MD5: 2012 f98ccd513ae480ac7b56d7a4793758d3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3310610 9f8e4b95d1019e3956a88745ce3888c4 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 1195070 21daa67a1f51cc4a942e41beb2da001f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 257586 89d972c2b67679eca265abac76d0687d http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 18296 8c1d95902c4f0e85c47a3ca941f0b48a http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 317026 11f10cc940951638cf5cac0e6e2f7ded i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 1076898 59318f3e92b12686695704ef33074dc0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 254686 b0dc3ec378ea87afff4a6d46fafca34f http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 18248 7a86d451f0cc722f66ca51f9894c81e2 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 300214 88f4442427f4ad5b1e507f24a872d7d5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3173686 65714f22fc4908727cd58fa917cff249 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 1050748 c55a36fa65b311364ddfc5f9bcacc3e9 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 253226 0b49775e55163a5c6fa22fba288eded7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 18220 8fd881d7744299014a919437d9edaf87 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 296154 fce2927b08d43ba6d2188bf927dfb4d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3284430 e411ebc5e3848a9a28fdb7bcf55af833 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 1165792 f6a9ba644f3fb0cd888bf4b425522633 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 256434 19a95ab61e462058ecaf05cbebd11c8a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 20666 abe014ba1940180af1051006e4d293fd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 320710 0f3c730279a7e731e72986d15fa2fcc2 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 2942578 3d396922de5283db749fd41036403ead http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 1038356 9d291947a8ef7d02c8c1a9746c1309d4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 251226 c09de8036a434e93488b5c1b77108246 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 18380 0d18623f50973af22fd4e44e0d042bf4 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 301438 430f4a9aef7a540fac80629656572ea9 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz Size/MD5: 35980 b64ec10add3d7fbbc7335b0f85b9fb00 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc Size/MD5: 2012 a889688996d5530e8bf1eb181683137e http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3309788 d48afcfa4139fe94b4c0af67c8d9c850 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1196740 7ace44202680241529edaeb226d0dec1 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 258240 54d581c61ba7608526790263545e1b1c http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17404 bfbb39c275bb15dcef644991c6af7e7b http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 317668 9d55ed9607359667cf963e04ccb834d5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 3137602 af5d5d420c440bf53de79f8952ee17d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 1078336 706162a5436e733e4ce57d51baf163fb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 255338 140b54235689f93baa3971add5401a42 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 17412 fb6ca266988f45378c41455fa5207a85 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 300808 7b06b74c327641634d4f8f1f61b7d432 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3171676 ad44dc80ef0066d3da2edede234b0210 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1052136 727ab68dd03bec2ae01b4611c5f98309 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 253840 15198ca066b229b42ced8cb5f4307a53 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17408 fdf85ab9c62a3d3999d4f49bf0172243 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3282216 5399927c4f40c9369fcb58d3038cc3ec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1167866 477cd3a3cb2ec7c5cf791208e096de93 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 257080 85844f856588609fba74ec37044f9c35 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17410 98059af1adbd24026a4dab4faa27ddd1 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 321372 b7afef4b3c7dc27dceb12668458629d8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2942004 2e8c7c62ef1119b9326564fe50389b8d http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1039416 ad6d7c7f3a2301c7e46a1102098fdbaf http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 251874 4a70da68d8ae2e444b7aaf6836d50eba http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17410 9921067423eeb95bea428bf9f471559c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 301814 302527f9bbcb164d12b13d25719a9ab9 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2025-1 security@debian.org http://www.debian.org/security/ Steffen Joeris March 31, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : icedove Vulnerability : several vulnerabilities Problem type : remote Debian-specific: no CVE IDs : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2010-0163 Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate (MFSA 2009-42). CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names (MFSA 2009-43). CVE-2009-2463 monarch2020 discovered an integer overflow n a base64 decoding function (MFSA 2010-07). CVE-2009-3072 Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07). CVE-2009-3075 Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07). CVE-2010-0163 Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code (MFSA 2010-07). For the stable distribution (lenny), these problems have been fixed in version 2.0.0.24-0lenny1. Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available. For the testing distribution squeeze and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your icedove packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc Size/MD5 checksum: 1668 111c1a93c1ce498715e231272123f841 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz Size/MD5 checksum: 103260 4661b0c8c170d58f844337699cb8ca1a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 3723382 12c7fe63b0a5c59680ca36200a6f7d20 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 61132 c0f96569d4ea0f01cff3950572b3dda9 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 3937168 de9dda16f94e696de897bec6c8d45f90 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 59114 fae947071c0de6ebce316decbce61f9a arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 3929902 5ab6f673b34770278270fb7862986b0b http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 53746 c9c53e8a42d85fe5f4fa8e2a85e55629 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 3944678 2a9dc50b61420b4fdf8f3a4d378bb484 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 60554 7dcd739363cff3cc4bda659b82856536 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 54838 101de9e837bea9391461074481bf770f http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 3924810 6ecf3693cce2ae97fd0bbdafc1ff06f6 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 56543048 73d1684cf69bed0441393abb46610433 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 3756914 615afd30bf893d2d32bbacedf1f7ff8e http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 16545566 0444c7198e94ab59e103e60bf86a2aa2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 66302 f8800140b3797d4a4267a5dac0043995 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 57199564 5df5808f91ecdf6ac49f0e922b1a0234 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 12112586 4b40106b68670c726624348c0cb8bd1f http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 59511730 226cdd43af9dffb4132002044120769c http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 56670 72e58731ac68f2c599704a3e7ca45d4c http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 3942470 e8454d41a095226a2d252f10da795d96 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkuzCYEACgkQ62zWxYk/rQfEoQCfZP1v8IKG5mZvqvpREtfgpHLH mSkAn3Irm0DPIBkS/Zqz2dMfEVSq96IU =gE9m -----END PGP SIGNATURE----- . Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Network Security Services Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36093 VERIFY ADVISORY: http://secunia.com/advisories/36093/ DESCRIPTION: Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system. 1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate. 2) An error exists in the parsing of certain certificate fields, which can be exploited to e.g. get a client to accept a specially crafted certificate by mistake. SOLUTION: Update to version 3.12.3 or later. PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Moxie Marlinspike 2) Dan Kaminsky ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=512912 https://bugzilla.redhat.com/show_bug.cgi?id=510251 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

input validation error

EXPLOIT AVAILABILITY

EXTERNAL IDS

REFERENCES