Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
References
Link Providers
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc cve-icon cve-icon
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc cve-icon cve-icon
http://fedoranews.org/cms/node/2709 cve-icon cve-icon
http://fedoranews.org/cms/node/2711 cve-icon cve-icon
http://fedoranews.org/cms/node/2747 cve-icon cve-icon
http://fedoranews.org/cms/node/2749 cve-icon cve-icon
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 cve-icon cve-icon
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 cve-icon cve-icon
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2007-0077.html cve-icon cve-icon
http://secunia.com/advisories/24253 cve-icon cve-icon
http://secunia.com/advisories/24277 cve-icon cve-icon
http://secunia.com/advisories/24287 cve-icon cve-icon
http://secunia.com/advisories/24290 cve-icon cve-icon
http://secunia.com/advisories/24293 cve-icon cve-icon
http://secunia.com/advisories/24333 cve-icon cve-icon
http://secunia.com/advisories/24342 cve-icon cve-icon
http://secunia.com/advisories/24343 cve-icon cve-icon
http://secunia.com/advisories/24384 cve-icon cve-icon
http://secunia.com/advisories/24389 cve-icon cve-icon
http://secunia.com/advisories/24395 cve-icon cve-icon
http://secunia.com/advisories/24406 cve-icon cve-icon
http://secunia.com/advisories/24410 cve-icon cve-icon
http://secunia.com/advisories/24455 cve-icon cve-icon
http://secunia.com/advisories/24456 cve-icon cve-icon
http://secunia.com/advisories/24457 cve-icon cve-icon
http://secunia.com/advisories/24522 cve-icon cve-icon
http://secunia.com/advisories/24562 cve-icon cve-icon
http://secunia.com/advisories/24650 cve-icon cve-icon
http://secunia.com/advisories/24703 cve-icon cve-icon
http://secunia.com/advisories/25588 cve-icon cve-icon
http://secunia.com/advisories/25597 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200703-18.xml cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1 cve-icon cve-icon
http://www.debian.org/security/2007/dsa-1336 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml cve-icon cve-icon
http://www.kb.cert.org/vuls/id/592796 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 cve-icon cve-icon
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html cve-icon cve-icon
http://www.osvdb.org/32106 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0078.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0079.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0097.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0108.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/461336/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/461809/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/64758 cve-icon cve-icon
http://www.securitytracker.com/id?1017696 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-428-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-431-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/0718 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/0719 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/1165 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/2141 cve-icon cve-icon
https://bugzilla.mozilla.org/show_bug.cgi?id=364323 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-1081 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-1103 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2007-0009 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2007-0009 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-02-26T20:00:00

Updated: 2024-08-07T12:03:36.997Z

Reserved: 2006-12-19T00:00:00

Link: CVE-2007-0009

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-02-26T20:28:00.000

Modified: 2024-11-21T00:24:45.747

Link: CVE-2007-0009

cve-icon Redhat

Severity : Moderate

Publid Date: 2007-02-01T00:00:00Z

Links: CVE-2007-0009 - Bugzilla