Latest YouTube Video

Friday, August 11, 2017

[FD] Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)

Good afternoon. Multiple flaws in NSS were reported to Mozilla on or around 28 April 2017 and as of this notification have not been resolved and as such, I am disclosing them to the public so that anyone making use of NSS is aware that these exist. Please note that as I send this, the bugs remain hidden on the Mozilla Bugzilla tracker. What is NSS? Network Security Services (NSS) comprises a set of libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. All of the following flaws were triggered with changeset 13315:769f9ae07b10 in Mozilla's Mercurial repository (http://ift.tt/1sbHuF2) and can all be triggered using the NSS tool `certutil` and malformed `cert8.db` files which I have uploaded to http://ift.tt/2hQymaL. CVE-2017-11695: heap-buffer-overflow (write of size 8) in alloc_segs (lib/dbm/src/hash.c:1105) http://ift.tt/2fxVn1A CVE-2017-11696: heap-buffer-overflow (write of size 65544) in __hash_open (lib/dbm/src/hash.c:241) http://ift.tt/2hRIy38 CVE-2017-11697: Floating Point Exception in __hash_open (hash.c:229) http://ift.tt/2fwy5JD CVE-2017-11698: heap-buffer-overflow (write of size 2) in __get_page (lib/dbm/src/h_page.c:704) http://ift.tt/2hRIyAa These flaws were discovered by Brian Carpenter of Geeknik Labs (http://www.geeknik.net) using the American Fuzzy Lop tool.

Source: Gmail -> IFTTT-> Blogger

No comments: