Main Vulnerability Database SB2011111804

SB2011111804 - Untrusted search path in nss (Alpine package)

Published: November 18, 2011

Security Bulletin ID SB2011111804

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Untrusted search path (CVE-ID: CVE-2011-3640)

The vulnerability allows a remote #AU# to execute arbitrary code.

** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=9abcd899b8e98b5c862f44331591f9d64fefaff5
https://git.alpinelinux.org/aports/commit/?id=7949eba01b305bbf4ad50858aa1e56d6a92ee933
https://git.alpinelinux.org/aports/commit/?id=4f73d2d7b4f2ba743c47e8be0248da03661af1d7