ESB-2017.2594 - [FreeBSD] nss: Multiple vulnerabilities 2017-10-13

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2594
       nss -- Use-after-free in TLS 1.2 generating handshake hashes
                              13 October 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nss
Publisher:         FreeBSD
Operating System:  FreeBSD
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7805  

Reference:         ASB-2017.0155
                   ESB-2017.2571
                   ESB-2017.2559
                   ESB-2017.2551

Original Bulletin: 
   http://www.vuxml.org/freebsd/e71fd9d3-af47-11e7-a633-009c02a2ab30.html

- --------------------------BEGIN INCLUDED TEXT--------------------

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Affected packages

3.32 <= linux-c6-nss < 3.32.1

3.28 <= linux-c6-nss < 3.28.6

3.32 <= linux-c7-nss < 3.32.1

3.28 <= linux-c7-nss < 3.28.6

3.32 <= nss < 3.32.1

3.28 <= nss < 3.28.6

Details

VuXML ID e71fd9d3-af47-11e7-a633-009c02a2ab30

Discovery 2017-08-04

Entry 2017-10-12

Mozilla reports:

During TLS 1.2 exchanges, handshake hashes are generated which point to a 
message buffer. This saved data is used for later messages but in some cases,
the handshake transcript can exceed the space available in the current buffer,
causing the allocation of a new buffer. This leaves a pointer pointing to the
old, freed buffer, resulting in a use-after-free when handshake hashes are 
then calculated afterwards. This can result in a potentially exploitable 
crash.

References

CVE Name CVE-2017-7805

URL https://hg.mozilla.org/projects/nss/rev/2d7b65b72290

URL https://hg.mozilla.org/projects/nss/rev/d3865e2957d0

URL 
https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWeBSlYx+lLeg9Ub1AQiWIRAAodcp3j7fTH8LwUna5sVe/BOAy7EwBVtw
tKmfJq1SFyYxiijZIn/N7hlRC+17YKSq5ZsGW/2sNW6yvTA1eQ87ZpSI/DwA79Kc
HVbIPe2jqTtIGmuSpKabIb1rlM8xsBTwjNr+MXNt7sY1wZokGok0S13F2oGkEsiD
fTnReHljaxYMnYvIxYDhsUSHhecRSgFT9uTKEggKi+S6bAuXXTE6CHuJRaS4fnLJ
b9cnPNKn5X6rqqn7FnAT0vAEKs+K7YHvl3OlI1IpjFT4hJP15y4a3loVu5J9ph4U
CyOaJ2f99t1bi2p/sWKPcNFDKUFg1xc8kirJzDfanDGMqsJsHoa0sHTQpUIdDRsJ
WUMzTrxm6Fe/KC/v0Ykj2AZpLrpkFYPJqyMZMTGrmDeSvHvzQ5uLvzJJt4ZMABxA
Hm83L6DDU6PeeIWoxfsHwGVvyUYZEbjkxTbq6RnkIfgJYSB0Q1vX2XNuq9mshh3I
L0UjHABlprrOk1VCUer+pYx8ChlEbHtftVpleuEGQfqSSCrO2BNVM4yidWdaea8z
wA6LfaH9dRjfStvAmh6YQ4hVz7ZSjAK8ub/Ruqy8Byv5V/o3bpgcSw6nMayiOSNP
ThC/FKKV1GpiUPg8aMvCM5XJi+wBK3+CEJ4NJ7DdzRCRR4W1G8GlDC9Zmhc9V6TJ
QKWPrqwhtjI=
=MDkT
-----END PGP SIGNATURE-----

« Back to bulletins