exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2016-1978

Status Candidate

Overview

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

Related Files

Debian Security Advisory 3688-1
Posted Oct 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3688-1 - Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4000, CVE-2015-7181, CVE-2015-7182, CVE-2015-7575, CVE-2016-1938, CVE-2016-1950, CVE-2016-1978, CVE-2016-1979, CVE-2016-2834
SHA-256 | b93966cf45b459b94721e41f799657ce1d921ea91d32c39e7fe841f2d97f11e7
Ubuntu Security Notice USN-2973-1
Posted May 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2973-1 - Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Hanno Boeck discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1938, CVE-2016-1978, CVE-2016-1979, CVE-2016-2805, CVE-2016-2807
SHA-256 | d29c52273e7734f2eb886a43b5407681e67a0595f44c88105e13d3a3a39ba876
Red Hat Security Advisory 2016-0684-01
Posted Apr 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0684-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix: A use-after-free flaw was found in the way NSS handled DHE and ECDHE handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | 5a2666975f30ed4ef9d32a6c94c6c7ee9af784cd8b1cb74c9e6c0bbd94cde00e
Red Hat Security Advisory 2016-0685-01
Posted Apr 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0685-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | 7142359029ecb55b91f8740bcc308885a4ca03d05377044d0945c59945dbfdaa
Red Hat Security Advisory 2016-0591-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0591-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | b4d37927706ed52b6f88aeba09a8fe9f5e48bb1850ac0233b2fc350696bfd23f
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close