The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of NSS: memory leak via RSA

Synthesis of the vulnerability 

An attacker can create a denial of service by exploiting a memory leak in NSS.
Vulnerable systems: Fedora, Firefox, NSS, Mozilla Suite, Thunderbird.
Severity of this threat: 1/4.
Creation date: 30/04/2007.
References of this weakness: BID-18604, CVE-2006-3127, FEDORA-2006-728, VIGILANCE-VUL-6770.

Description of the vulnerability 

The NSS libraries (Network Security Services) implement cryptographic features for SSL, TLS, PKCS, etc.

During an RSA computation, NSS does not free 256 bytes.

An attacker can therefore trigger numerous RSA operations in order to consume system memory.
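
The leak pattern described above, modelled as an added example (this is not NSS source code; the bulletin does not say where in NSS the 256 bytes are lost). All function names and the tracked allocator are hypothetical; the check shows how one unreleased 256-byte buffer per operation accumulates, and how an allocation-accounting regression test catches it.

```c
/* Added illustration, not NSS source. All names are hypothetical. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define SCRATCH_LEN 256   /* bytes the bulletin says are not freed per RSA computation */

static size_t live_bytes; /* bytes currently held through the tracked allocator */

static void *tracked_alloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_bytes += n;
    return p;
}

static void tracked_free(void *p, size_t n) {
    if (!p) return;
    free(p);
    live_bytes -= n;
}

/* Stand-in for the RSA math: only the buffer lifetime matters here. */
static int toy_compute(unsigned char *scratch, const unsigned char *in, size_t len) {
    if (len > SCRATCH_LEN) return -1;
    memcpy(scratch, in, len);
    return 0;
}

/* Leaky shape: returns without releasing the scratch buffer. */
static int rsa_op_leaky(const unsigned char *in, size_t len) {
    unsigned char *scratch = tracked_alloc(SCRATCH_LEN);
    if (!scratch) return -1;
    return toy_compute(scratch, in, len);  /* pointer is lost on every call */
}

/* Fixed shape: single exit path that always frees. */
static int rsa_op_fixed(const unsigned char *in, size_t len) {
    unsigned char *scratch = tracked_alloc(SCRATCH_LEN);
    if (!scratch) return -1;
    int rc = toy_compute(scratch, in, len);
    tracked_free(scratch, SCRATCH_LEN);
    return rc;
}

/* Regression check: bytes still allocated after n calls to op. */
static size_t leaked_after(int (*op)(const unsigned char *, size_t), int n) {
    unsigned char msg[32] = {0};           /* constructed input */
    size_t before = live_bytes;
    for (int i = 0; i < n; i++) op(msg, sizeof msg);
    return live_bytes - before;
}
```

In this model, 1000 operations through the leaky path leave 256000 bytes outstanding, while the fixed path leaves none.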

This alert impacts software or systems such as Fedora, Firefox, NSS, Mozilla Suite, Thunderbird.

Our Vigil@nce team determined that the severity of this weakness is low.

The trust level is "confirmed by the editor", and the origin is "internet client".

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

NSS: version 3.11.1.
Version 3.11.1 is fixed:
  https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_1_RTM/
Note: version 3.11.5 is more recent (VIGILANCE-SOL-11940).

Fedora Core 5: nss packages.
Packages are available:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
