Mozilla SeaMonkey规则表达式解析堆缓冲区溢出漏洞

发表评论 (0) 查看评论

漏洞起因
边界条件错误
 
影响系统
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
RedHat Desktop 3.0
Mozilla SeaMonkey 1.0.8
Mozilla SeaMonkey 1.0.7
Mozilla SeaMonkey 1.0.6
Mozilla SeaMonkey 1.0.5
Mozilla SeaMonkey 1.0.3
Mozilla SeaMonkey 1.0.2
Mozilla SeaMonkey 1.0.1
Mozilla SeaMonkey 1.0 dev
Mozilla SeaMonkey 1.0
Mozilla Network Security Services (NSS) 3.12.2
Mozilla Network Security Services (NSS) 3.11.3
Mozilla Network Security Services (NSS) 3.9.2
Mozilla Network Security Services (NSS) 3.9
+ Mozilla Browser 1.5
Mozilla Network Security Services (NSS) 3.8
+ Galeon Galeon Browser 1.2.13
+ Mozilla Browser 1.4.1
+ Mozilla Browser 1.4.1
+ Mozilla Browser 1.4 b
+ Mozilla Browser 1.4 b
+ Mozilla Browser 1.4 a
+ Mozilla Browser 1.4 a
+ Mozilla Browser 1.4
+ Mozilla Browser 1.4
Mozilla Network Security Services (NSS) 3.7.7
Mozilla Network Security Services (NSS) 3.7.5
Mozilla Network Security Services (NSS) 3.7.3
Mozilla Network Security Services (NSS) 3.7.2
Mozilla Network Security Services (NSS) 3.7.1
Mozilla Network Security Services (NSS) 3.7
Mozilla Network Security Services (NSS) 3.6.1
Mozilla Network Security Services (NSS) 3.6
Mozilla Network Security Services (NSS) 3.6
Mozilla Network Security Services (NSS) 3.5
Mozilla Network Security Services (NSS) 3.4.2
Mozilla Network Security Services (NSS) 3.4.1
Mozilla Network Security Services (NSS) 3.4
Mozilla Network Security Services (NSS) 3.3.2
Mozilla Network Security Services (NSS) 3.3.1
Mozilla Network Security Services (NSS) 3.3
Mozilla Network Security Services (NSS) 3.2.1
Mozilla Network Security Services (NSS) 3.2
Mozilla Network Security Services (NSS) 3.12
Mozilla Network Security Services (NSS) 3.11
 
不受影响系统
Mozilla SeaMonkey 1.0.9
Mozilla Network Security Services (NSS) 3.12.3
 
危害
远程攻击者可以利用漏洞以应用程序权限执行任意指令。
 
攻击所需条件
攻击者必须构建恶意证书,诱使用户打开。
 
漏洞信息
Mozilla SeaMonkey是一款开源的WEB应用程序套件。
Mozilla SeaMonkey处理用于匹配SSL证书中的公用名的规则表达式代码存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。
构建恶意的证书,诱使用户使用Mozilla SeaMonkey处理可触发此漏洞。攻击者要利用此漏洞需要使SeaMonkey认为这个证书可信,否则会显示警告消息。
 
测试方法
 
厂商解决方案
用户可联系供应商获得最新程序Mozilla SeaMonkey 1.0.9:
http://www.mozilla.org/projects/seamonkey/
 
漏洞提供者
Moxie Marlinspike

发表评论?

0 条评论。

发表评论