VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
VRDA-100112-001
VMware ESX and vMA Security Update Fixes NSS and NSPR Issues
http://lists.vmware.com/pipermail/security-announce/2010/000075.html

Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.




About This Analysis Information
Analysis Information Provider:
JPCERT/CC
First Published:
2010-01-12
Source Information Category:
Advisory, Alert
Last Updated:
2010-01-12




Affected Product Tags
cpe:/a:vmware:esx_server     (VMWare ESX Server)
lapt:/a:vmware:vma     (vSphere Management Assistant)
 


Vulnerability Analysis Results
(X marks the selected value for each metric.)

[Information Source Reliability]
  Low
  Medium
X High

[Impact Level]
  Low
  Low-Medium
  Medium-High
X High

[Access Required]
  Physical
  Local
  Non-routed
X Routed

[Authentication]
  Privileged
  Standard
  Limited
X None or Unnecessary

[User Interaction Required]
X Complex
  Simple
  None

[Technical Difficulty]
  High
  Medium-High
  Low-Medium
  Low

[Availability of Remediation]
X Official Patch
  Official Workaround
  Unofficial Patch
  None

[Incident Activity]
X None
  Exploit or PoC
  Activity Observed

Alternatives




References
Common Vulnerabilities and Exposures (CVE) CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2408
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1563
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3274
Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3370
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3372
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3373
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3374
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."




Common Vulnerabilities and Exposures (CVE) CVE-2009-3375
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3376
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3380
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3382
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.





Copyright © 2010 JPCERT/CC All Rights Reserved.