Bug 1060953 (CVE-2014-1490)
Summary: | CVE-2014-1490 nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | emaldona, jkurik, jrusnack, pfrields, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nss 3.15.4 | Doc Type: | Bug Fix |
Doc Text: |
A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-09-18 03:04:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1101846, 1113849, 1113853 | ||
Bug Blocks: | 1054104, 1063682 |
Description
Huzaifa S. Sidhpurwala
2014-02-04 02:19:43 UTC
External References: http://www.mozilla.org/security/announce/2014/mfsa2014-12.html Upstream advisory MFSA 2014-12 (see comment 1) links the following upstream bug as related to this CVE: https://bugzilla.mozilla.org/show_bug.cgi?id=930874 Upstream bug is currently private, however, the following nss upstream commit references the above upstream bug: http://hg.mozilla.org/projects/nss/rev/f6047eb1d0b8 The upstream bug mentioned in comment #4 is public now. This issue has been resolved in nss-3.15.4. Fedora 19 and Fedora 20 currently ship nss-3.15.5 and therefore is not vulnerable to this issue. Statement: (none) This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0917 https://rhn.redhat.com/errata/RHSA-2014-0917.html IssueDescription: A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1246 https://rhn.redhat.com/errata/RHSA-2014-1246.html |