VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed: structured data distribution of vulnerability threat analysis information



 
Analyzed vulnerability information (revision number: 1)
VRDA-100112-001
Updates for multiple vulnerabilities in VMware ESX and vMA
http://lists.vmware.com/pipermail/security-announce/2010/000075.html

Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.




About this information
Analysis provided by:
JPCERT/CC
First published:
2010-01-12
Category of analyzed vulnerability information:
Advisory / alert
Last updated:
2010-01-12




Identifiers of products affected by the vulnerability
cpe:/a:vmware:esx_server     (VMWare ESX Server)
lapt:/a:vmware:vma     (vSphere Management Assistant)
 


Vulnerability analysis
[Reliability of the information used for analysis]
X

[Impact magnitude]
Small to medium
Medium to large
X

[Attack vector]
Physical access
On the local machine
On the same segment
X Via the Internet

[Authentication level]
Administrator account
Regular user account
Free account
X Not required

[User interaction required for a successful attack]
X Complex
Simple
Not required

[Attack difficulty]
Medium to high
Low to medium

[Availability of countermeasures]
X Official patch available
Official workaround available
Unofficial workaround or patch available
None

[Incident activity]
X No activity
Exploit/PoC available
Activity observed

Related information




References
Common Vulnerabilities and Exposures (CVE) CVE-2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2408
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.




Common Vulnerabilities and Exposures (CVE) CVE-2009-1563
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3274
Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3370
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3372
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3373
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3374
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."




Common Vulnerabilities and Exposures (CVE) CVE-2009-3375
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3376
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3380
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.




Common Vulnerabilities and Exposures (CVE) CVE-2009-3382
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.





Copyright © 2010 JPCERT/CC All Rights Reserved.