The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of NSPR

computer vulnerability bulletin 20748

Mozilla NSS, NSPR: privilege escalation via SUID

Synthesis of the vulnerability

An attacker can in some cases use an environment variable with a suid program linked to Mozilla NSS or NSPR, in order to escalate his privileges.
Impacted products: Debian, NSPR, NSS, openSUSE, openSUSE Leap.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/10/2016.
Identifiers: 1174015, DLA-676-1, DLA-677-1, DSA-3687-1, DSA-3688-1, openSUSE-SU-2016:0731-1, openSUSE-SU-2016:0733-1, VIGILANCE-VUL-20748.

Description of the vulnerability

The Mozilla NSS and NSPR libraries use environment variables.

However, even when the program linked to NSS/NSPR is suid, the library calls getenv() instead of secure_getenv(). Potentially dangerous environment variables are thus not filtered.

An attacker can therefore in some cases use an environment variable with a suid program linked to Mozilla NSS or NSPR, in order to escalate his privileges.
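The check that getenv() lacks can be sketched as follows. This is an added example, not NSS/NSPR code: the names proc_ids, runs_privileged and checked_getenv are hypothetical, and EXAMPLE_LOG_FILE is a constructed variable name. glibc's secure_getenv() takes the same decision from the kernel's secure-execution flag; the ID comparison below is a portable approximation of it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Real and effective IDs of a process (hypothetical helper type). */
struct proc_ids { uid_t ruid, euid; gid_t rgid, egid; };

/* Snapshot the IDs of the calling process. */
static struct proc_ids current_ids(void)
{
    struct proc_ids id = { getuid(), geteuid(), getgid(), getegid() };
    return id;
}

/* A set-user-ID or set-group-ID program runs with effective IDs that
 * differ from the real IDs of the user who launched it. */
static int runs_privileged(const struct proc_ids *id)
{
    return id->ruid != id->euid || id->rgid != id->egid;
}

/* Replacement for getenv() in library code: the environment is supplied
 * by the invoking user, so it is ignored when the process is privileged. */
static const char *checked_getenv(const char *name, const struct proc_ids *id)
{
    if (name == NULL || runs_privileged(id))
        return NULL;   /* caller falls back to its built-in default */
    return getenv(name);
}

int main(void)
{
    struct proc_ids id = current_ids();
    const char *v = checked_getenv("EXAMPLE_LOG_FILE", &id); /* constructed name */
    printf("privileged=%d value=%s\n", runs_privileged(&id), v ? v : "(ignored or unset)");
    return 0;
}
```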

computer vulnerability alert CVE-2016-1951

NSPR: buffer overflow via GrowStuff

Synthesis of the vulnerability

An attacker can generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, NSPR, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 13/06/2016.
Identifiers: 1174015, CVE-2016-1951, DLA-513-1, DSA-3687-1, USN-3023-1, USN-3028-1, VIGILANCE-VUL-19876.

Description of the vulnerability

The NSPR library provides functions for memory management.

The GrowStuff routine reallocates a buffer. However, on 32-bit platforms, an arithmetic overflow may occur, which leads to a buffer overflow because the size actually allocated is too small.

An attacker can therefore generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
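The class of bug described above, shown as an added example that is not NSPR's code: sizes are modelled as uint32_t so the 32-bit wrap can be reproduced on any host. The struct gbuf, the function names and the GROW_SLACK constant are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable buffer with 32-bit sizes, as size_t is on a 32-bit platform. */
struct gbuf { char *base; uint32_t used, cap; };

#define GROW_SLACK 32u  /* constructed: extra room requested on each growth */

/* Unchecked sizing: the sum silently wraps modulo 2^32. */
static uint32_t new_cap_unchecked(uint32_t cap, uint32_t need)
{
    return cap + need + GROW_SLACK;
}

/* Checked sizing: stores the result and returns 0, or -1 if it would wrap. */
static int new_cap_checked(uint32_t cap, uint32_t need, uint32_t *out)
{
    if (need > UINT32_MAX - GROW_SLACK || cap > UINT32_MAX - GROW_SLACK - need)
        return -1;
    *out = cap + need + GROW_SLACK;
    return 0;
}

/* Append len bytes, growing first if needed; -1 means nothing was written. */
static int gbuf_append(struct gbuf *b, const char *src, uint32_t len)
{
    if (len == 0)
        return 0;
    if (len > b->cap - b->used) {        /* used <= cap, so this cannot wrap */
        uint32_t cap;
        char *p;
        if (new_cap_checked(b->cap, len, &cap) != 0)
            return -1;                   /* refuse instead of under-allocating */
        if ((p = realloc(b->base, cap)) == NULL)
            return -1;
        b->base = p;
        b->cap = cap;
    }
    memcpy(b->base + b->used, src, len);
    b->used += len;
    return 0;
}

int main(void)
{
    uint32_t cap = 0;
    printf("unchecked: %u\n", (unsigned)new_cap_unchecked(0xFFFFFFF0u, 0x20u));
    printf("checked:   %d\n", new_cap_checked(0xFFFFFFF0u, 0x20u, &cap));
    return 0;
}
```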

computer vulnerability announce CVE-2015-7181 CVE-2015-7182 CVE-2015-7183

Mozilla NSS/NSPR: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS/NSPR.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Fedora, Firefox, NSPR, NSS, openSUSE, openSUSE Leap, Oracle Communications, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 04/11/2015.
Identifiers: cpuoct2017, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, DLA-480-1, DSA-3393-1, DSA-3406-1, DSA-3688-1, FEDORA-2015-2880ac7065, FEDORA-2015-5b5109510c, MFSA-2015-133, openSUSE-SU-2015:1942-1, RHSA-2015:1980-01, RHSA-2015:1981-01, RHSA-2015:1982-01, RHSA-2015:2068-01, SA119, SOL31372672, SSA:2015-310-02, SUSE-SU-2015:1978-1, SUSE-SU-2015:1981-1, SUSE-SU-2015:2081-1, USN-2790-1, USN-2791-1, VIGILANCE-VUL-18237.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS/NSPR.

An attacker can force the usage of a freed memory area in Mozilla NSS sec_asn1d_parse_leaf(), in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7181]

An attacker can generate a buffer overflow in Mozilla NSS BER OCTET STRING, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7182]

An attacker can generate a buffer overflow in Mozilla NSS/NSPR PL_ARENA_ALLOCATE, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2015-7183]

computer vulnerability note CVE-2014-1545

NSPR: buffer overflow of sprintf

Synthesis of the vulnerability

An attacker can generate a buffer overflow of NSPR via sprintf(), in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Fedora, NSPR, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/06/2014.
Identifiers: CVE-2014-1545, DSA-2962-1, FEDORA-2014-7279, FEDORA-2014-7310, MDVSA-2014:125, MDVSA-2015:059, MFSA 2014-55, openSUSE-SU-2014:0797-1, RHSA-2014:0917-01, RHSA-2014:1246-01, SUSE-SU-2014:0824-1, SUSE-SU-2014:0824-2, SUSE-SU-2014:0824-3, SUSE-SU-2014:0905-1, USN-2265-1, VIGILANCE-VUL-14869.

Description of the vulnerability

The NSPR (Netscape Portable Runtime) library is used to create multi-platform applications.

However, if the size of data is greater than the size of the storage array, an overflow occurs in the sprintf() function.

An attacker can therefore generate a buffer overflow of NSPR via sprintf(), in order to trigger a denial of service, and possibly to execute code.

computer vulnerability note CVE-2010-3170

Mozilla NSPR, NSS, IE: accepting IP wildcard certificates

Synthesis of the vulnerability

Some web browsers accept wildcard X.509 certificates containing an IP address fragment.
Impacted products: Debian, Fedora, IE, Firefox, NSPR, NSS, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, SLES, ESX.
Severity: 1/4.
Consequences: disguisement.
Provenance: document.
Creation date: 28/10/2010.
Identifiers: CERTA-2002-AVI-272, CVE-2010-3170, DSA-2123-1, FEDORA-2010-15989, openSUSE-SU-2010:0904-1, openSUSE-SU-2010:0906-1, openSUSE-SU-2014:1100-1, RHSA-2010:0862-02, SUSE-SR:2010:020, VIGILANCE-VUL-10079, VMSA-2011-0004.2, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2012-0005, wp-10-0001.

Description of the vulnerability

A wildcard X.509 certificate matches several domains. For example, "*.example.com" is valid for all domains ending with ".example.com" (which belong to the same company).

In order to protect against Man-In-The-Middle attacks, RFC 2818 forbids wildcard certificates for IP addresses. For example, "*.2.3.4" has to be rejected because 1.2.3.4, 2.2.3.4, 3.2.3.4, etc. do not belong to the same network (and thus to the same company).

However, some implementations accept IP wildcard certificates.

When a certification authority agrees to sign such a certificate, an attacker can therefore use it for a Man-In-The-Middle attack.
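A name check that enforces this rule, as an added example rather than code from NSS or any browser: the function names are hypothetical and the host names are constructed. It handles only a single leftmost "*" label and refuses both IP-literal hosts and wildcard patterns whose suffix is made of digits and dots.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* True if s parses as an IPv4 or IPv6 address literal. */
static int is_ip_literal(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Case-insensitive equality for ASCII DNS names. */
static int name_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Does the certificate DNS name `pattern` cover `host`? Returns 1 on match. */
static int cert_name_matches(const char *pattern, const char *host)
{
    const char *rest;
    if (is_ip_literal(host))
        return 0;   /* IP identities need an exact iPAddress entry instead */
    if (strncmp(pattern, "*.", 2) != 0)
        return strchr(pattern, '*') == NULL && name_eq(pattern, host);
    if (strchr(pattern + 1, '*') != NULL ||
        strspn(pattern + 2, "0123456789.") == strlen(pattern + 2))
        return 0;   /* extra "*", or a numeric suffix such as "*.2.3.4" */
    rest = strchr(host, '.');            /* "*" covers exactly one label */
    if (rest == NULL || rest == host)
        return 0;
    return name_eq(pattern + 1, rest);   /* compare the ".example.com" parts */
}

int main(void)
{
    printf("%d\n", cert_name_matches("*.example.com", "www.example.com"));
    printf("%d\n", cert_name_matches("*.2.3.4", "1.2.3.4"));
    return 0;
}
```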

vulnerability note CVE-2009-0689

NSPR: memory corruptions

Synthesis of the vulnerability

An attacker can use two vulnerabilities of NSPR, in order to generate a denial of service, or to execute code.
Impacted products: Debian, Fedora, Mandriva Linux, NSPR, openSUSE, SLES, ESX.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/11/2009.
Identifiers: 492779, 516396, BID-36851, CERTA-2009-AVI-414, CERTA-2009-AVI-509, CERTA-2009-AVI-520, CERTA-2010-AVI-280, CVE-2009-0689, CVE-2009-1563-REJECT, DSA-1931-1, FEDORA-2010-7100, MDVSA-2009:294, SUSE-SR:2009:018, VIGILANCE-VUL-9144, VMSA-2010-0001, VMSA-2010-0001.1.

Description of the vulnerability

The NSPR (Netscape Portable Runtime) library is impacted by two vulnerabilities.

An attacker can corrupt memory when a string is converted to a floating-point number, which leads to code execution. [severity:2/4; 516396, BID-36851, CERTA-2009-AVI-414, CERTA-2009-AVI-509, CERTA-2009-AVI-520, CERTA-2010-AVI-280, CVE-2009-0689, CVE-2009-1563-REJECT]

With NSPR 4.8, an attacker can generate an integer overflow in the PL_Base64Decode() function. [severity:2/4; 492779]

An attacker can therefore generate a denial of service, or execute code, in applications linked to NSPR.