Bug 748379 (CVE-2011-3640)
| Summary: | CVE-2011-3640 nss: /pkcs11.txt and /secmod.db files read on initialization | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | emaldona, kdudka, kengert, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-29 16:35:28 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 748385, 748524, 877413 | ||
| Bug Blocks: | 748381 | ||
|
Description
Jan Lieskovsky
2011-10-24 10:22:33 UTC
This issue did NOT affect the versions of the nss package, as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the version of the nss package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the nss package, as shipped with Fedora release of 14 and 15. Please schedule an update. Created nss tracking bugs for this issue Affects: fedora-all [bug 748385] CVE Request: [5] http://www.openwall.com/lists/oss-security/2011/10/24/4 The CVE identifier of CVE-2011-3640 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2011/10/25/1 Note that upstream seems to dispute this as per: Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3640 to the following vulnerability: Name: CVE-2011-3640 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3640 Assigned: 20110921 Reference: http://blog.acrossecurity.com/2011/10/google-chrome-pkcs11txt-file-planting.html Reference: http://code.google.com/p/chromium/issues/detail?id=97426 Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=641052 ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." The core problem of this flaw was that nss package tried to open certain configuration files from root directory "/". On operating systems, where unprivileged users are allowed to change content of "/" directory, this could lead to nss executing code from untrusted security module. Since Linux operating system does not allow an unprivileged users to modify content of the root directory, it is not a security issue on this platform. (In reply to comment #10) > Since Linux operating system does not allow an unprivileged users to modify > content of the root directory, it is not a security issue on this platform. Even though this is not a security issue on Linux, this problem was corrected as non-security bug in nss update released in Red Hat Enterprise Linux 6.2: https://rhn.redhat.com/errata/RHBA-2011-1584.html |