CVE-2007-0009

{"id": "CVE-2007-0009", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-02-26T20:28:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://fedoranews.org/cms/node/2709", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://fedoranews.org/cms/node/2711", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://fedoranews.org/cms/node/2747", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://fedoranews.org/cms/node/2749", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2007-0077.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24253", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24277", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24287", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24290", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24293", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24333", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24342", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24343", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24384", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24389", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24395", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24406", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24410", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24455", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24456", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24457", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24522", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24562", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24650", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/24703", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/25588", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/25597", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200703-18.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1336", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.kb.cert.org/vuls/id/592796", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:050", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:052", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-06.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_22_mozilla.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/32106", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0078.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0079.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0097.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0108.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/461336/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/461809/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/64758", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1017696", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-428-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-431-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/0718", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/0719", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/1165", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2141", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=364323", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32663", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-1081", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-1103", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el soporte SSLv2 en Mozilla Network Security Services (NSS) anterior a versi\u00f3n 3.11.5, tal y como es usado por Firefox anterior a versi\u00f3n 1.5.0.10 y versi\u00f3n 2.x anterior a 2.0.0.2, Thunderbird anterior a versi\u00f3n 1.5.0.10, SeaMonkey anterior a versi\u00f3n 1.0.8, y ciertos productos de servidor Sun Java System anterior al 20070611, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de valores de longitud \"Client Master Key\" no v\u00e1lidos."}], "lastModified": "2019-10-09T22:51:51.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EDDD5B2-2356-4A1A-820F-60CF3B638910", "versionEndExcluding": "1.5.0.10", "versionStartIncluding": "1.5"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BAFE9FF-65A4-487A-9D3A-844086DE5F27", "versionEndExcluding": "2.0.0.2", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "156B1F29-CBEE-475F-ADE0-92F805EA395C", "versionEndExcluding": "3.11.5"}, {"criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5ECD99A-50D8-47FB-AEE9-D7A4F8F72B7C", "versionEndExcluding": "1.0.8"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A187A85C-E699-4E41-8745-B76F83BE8CB0", "versionEndExcluding": "1.5.0.10"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FA3A32E-445A-4D39-A8D5-75F5370AD23D"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}