[arch-security] [ASA-201511-3] nss: arbitrary code execution

Remi Gacogne rgacogne at archlinux.org
Fri Nov 6 12:15:40 UTC 2015


Arch Linux Security Advisory ASA-201511-3
=========================================

Severity: Critical
Date    : 2015-11-06
CVE-ID  : CVE-2015-7181 CVE-2015-7182
Package : nss
Type    : arbitrary code execution
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package nss before version 3.20.1-1 is vulnerable to a heap-overflow
vulnerability leading to arbitrary code execution.

Resolution
==========

Upgrade to 3.20.1-1.

# pacman -Syu "nss>=3.20.1-1"

The problem has been fixed upstream in version 3.20.1.

Workaround
==========

None.

Description
===========

Several issues existed within the ASN.1 decoder used by NSS for handling
streaming BER data. While the majority of NSS uses a separate,
unaffected DER decoder, several public routines also accept BER data,
and thus are affected. An attacker who successfully exploits these
issues can overflow the heap and may be able to obtain remote code
execution.
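
The BER/DER distinction above can be checked before input reaches a decoder. The C code below is an added example, not NSS code and not a reproduction of the flaws behind these CVEs; it flags BER-only encodings (indefinite length, non-minimal length, constructed BIT/OCTET STRING) and rejects lengths that overrun the buffer. The function name, result codes and sample bytes are constructed for illustration.

```c
#include <stdio.h>
/* Result codes are this example's own, ordered by severity. */
enum { ENC_DER = 0, ENC_BER_ONLY = 1, ENC_MALFORMED = 2 };
/* Walk every TLV in buf[0..len) and return the worst finding. */
static int classify(const unsigned char *buf, size_t len, int depth)
{
    size_t pos = 0;
    int worst = ENC_DER;
    if (depth > 32) return ENC_MALFORMED;              /* cap nesting depth */
    while (pos < len) {
        unsigned char tag = buf[pos++];
        if ((tag & 0x1f) == 0x1f) {                    /* multi-byte tag number */
            while (pos < len && (buf[pos] & 0x80)) pos++;
            if (pos++ >= len) return ENC_MALFORMED;
        }
        if (pos >= len) return ENC_MALFORMED;          /* no length octet */
        size_t l0 = buf[pos++], vlen = l0;
        /* indefinite length exists only in BER; contents are not walked */
        if (l0 == 0x80) return (tag & 0x20) ? ENC_BER_ONLY : ENC_MALFORMED;
        if (l0 == 0xff) return ENC_MALFORMED;          /* reserved */
        if (l0 > 0x80) {                               /* long form */
            size_t n = l0 & 0x7f;
            if (n > sizeof(size_t) || n > len - pos) return ENC_MALFORMED;
            if (buf[pos] == 0) worst = ENC_BER_ONLY;   /* leading zero octet */
            for (vlen = 0; n > 0; n--) vlen = (vlen << 8) | buf[pos++];
            if (vlen < 0x80) worst = ENC_BER_ONLY;     /* short form was required */
        }
        if (vlen > len - pos) return ENC_MALFORMED;    /* value overruns buffer */
        if (tag == 0x23 || tag == 0x24) worst = ENC_BER_ONLY; /* constructed BIT/OCTET STRING */
        if (tag & 0x20) {                              /* constructed: check children */
            int r = classify(buf + pos, vlen, depth + 1);
            if (r == ENC_MALFORMED) return r;
            if (r > worst) worst = r;
        }
        pos += vlen;
    }
    return worst;
}

/* Constructed sample inputs, written for this example. */
static const unsigned char der_seq[]     = {0x30, 0x03, 0x02, 0x01, 0x05};
static const unsigned char ber_indef[]   = {0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00};
static const unsigned char ber_longlen[] = {0x04, 0x81, 0x01, 0x41};
static const unsigned char ber_cons_os[] = {0x24, 0x04, 0x04, 0x02, 0x41, 0x42};
static const unsigned char overrun[]     = {0x04, 0x7f, 0x41};
int main(void)
{
    printf("%d %d %d\n", classify(der_seq, sizeof der_seq, 0),
           classify(ber_indef, sizeof ber_indef, 0), classify(overrun, sizeof overrun, 0));
    return 0;
}
```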

Impact
======

A remote attacker, by submitting crafted ASN.1 data in BER format, can
execute arbitrary code on the affected host.

References
==========

http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html
https://access.redhat.com/security/cve/CVE-2015-7181
https://access.redhat.com/security/cve/CVE-2015-7182
