[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98503

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-2404

Date: (C)2009-08-03   (M)2017-11-18 


Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SUNALERT-1021030
SUNALERT-1021699
SUNALERT-273910
BID-35891
SECUNIA-36088
SECUNIA-36102
SECUNIA-36125
SECUNIA-36139
SECUNIA-36157
SECUNIA-36434
SECUNIA-37098
SECUNIA-39428
ADV-2009-2085
DSA-1874
MDVSA-2009:197
MDVSA-2009:216
RHSA-2009:1185
RHSA-2009:1207
SUSE-SA:2009:048
TA10-103B
USN-810-1
USN-810-2
http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf
http://www.mozilla.org/security/announce/2009/mfsa2009-43.html
http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
https://bugzilla.redhat.com/show_bug.cgi?id=512912

CPE    1
cpe:/a:mozilla:network_security_services:3.12.3
CWE    1
CWE-119
OVAL    16
oval:org.secpod.oval:def:500696
oval:org.secpod.oval:def:200399
oval:org.secpod.oval:def:200298
oval:org.secpod.oval:def:300704
...

© 2013 SecPod Technologies