nss

• Author: voroskoi
• Vulnerable: 3.11.3-2siwenna1
• Unaffected: 3.11.3-3siwenna1

Two vulnerabilities have been reported in Network Security Services (NSS), which potentially can be exploited by malicious people to compromise a vulnerable system.

1. An integer underflow error when processing SSLv2 server messages can be exploited to cause a heap-based buffer overflow via a certificate with a public key too small to encrypt the “Master Secret”.
2. An integer underflow error when processing SSLv2 client master keys can be exploited to cause a stack-based buffer overflow via specially crafted parameters during an SSLv2 handshake. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/1756

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009