Bug 1446631 (CVE-2017-7502)

Summary: CVE-2017-7502 nss: Null pointer dereference when handling empty SSLv2 messages
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: dkholia, dueno, hkario, kengert, security-response-team, slawomir, sparks, striker, szidek, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-31 12:46:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1435017, 1450750, 1450751, 1450752, 1450753    
Bug Blocks: 1446634    

Description Adam Mariš 2017-04-28 13:10:54 UTC 
Null pointer dereference vulnerability in NSS was found when server receives empty SSLv2 messages. This issue was introduced with the recent removal of SSLv2 protocol from upstream code in 3.24.0 and introduction of dedicated parser able to handle just sslv2-style hello messages.

Upstream patch:

https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
Comment 3 Alicja Kario 2017-05-15 14:29:23 UTC 
*** Bug 1450763 has been marked as a duplicate of this bug. ***
Comment 4 Alicja Kario 2017-05-26 11:41:19 UTC 
*** Bug 1449161 has been marked as a duplicate of this bug. ***
Comment 5 errata-xmlrpc 2017-05-30 08:05:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1365 https://access.redhat.com/errata/RHSA-2017:1365
Comment 6 errata-xmlrpc 2017-05-30 11:08:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:1364 https://access.redhat.com/errata/RHSA-2017:1364
Comment 8 errata-xmlrpc 2017-06-21 15:11:41 UTC 
This issue has been addressed in the following products:

  CDK 3.0

Via RHSA-2017:1567 https://access.redhat.com/errata/RHSA-2017:1567