NVD脆弱性詳細

CVE-2007-0008

概要	Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
公表日	2007年2月27日5:28
登録日	2021年1月29日14:04
最終更新日	2018年10月17日1:29

CVSS2.0 : MEDIUM
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:0.1:::::::*
cpe:2.3:a:mozilla:firefox:0.2:::::::*
cpe:2.3:a:mozilla:firefox:0.3:::::::*
cpe:2.3:a:mozilla:firefox:0.4:::::::*
cpe:2.3:a:mozilla:firefox:0.5:::::::*
cpe:2.3:a:mozilla:firefox:0.6:::::::*
cpe:2.3:a:mozilla:firefox:0.6.1:::::::*
cpe:2.3:a:mozilla:firefox:0.7:::::::*
cpe:2.3:a:mozilla:firefox:0.7.1:::::::*
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.4.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.5.0.9
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.2:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.3:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.5.0.9

関連情報、対策とツール

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc	SGI
2	ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc	SGI
3	http://fedoranews.org/cms/node/2709	FEDORA
4	http://fedoranews.org/cms/node/2711	FEDORA
5	http://fedoranews.org/cms/node/2713	FEDORA
6	http://fedoranews.org/cms/node/2728	FEDORA
7	http://fedoranews.org/cms/node/2747	FEDORA
8	http://fedoranews.org/cms/node/2749	FEDORA
9	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	HP
10	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482	IDEFENSE	Vendor Advisory
11	http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html	SUSE
12	http://rhn.redhat.com/errata/RHSA-2007-0077.html	REDHAT
13	http://secunia.com/advisories/24205	SECUNIA	Vendor Advisory
14	http://secunia.com/advisories/24238	SECUNIA	Vendor Advisory
15	http://secunia.com/advisories/24252	SECUNIA	Vendor Advisory
16	http://secunia.com/advisories/24253	SECUNIA	Vendor Advisory
17	http://secunia.com/advisories/24277	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/24287	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/24290	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/24293	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/24320	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/24328	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/24333	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/24342	SECUNIA
25	http://secunia.com/advisories/24343	SECUNIA	Vendor Advisory
26	http://secunia.com/advisories/24384	SECUNIA	Vendor Advisory
27	http://secunia.com/advisories/24389	SECUNIA	Vendor Advisory
28	http://secunia.com/advisories/24395	SECUNIA	Vendor Advisory
29	http://secunia.com/advisories/24406	SECUNIA
30	http://secunia.com/advisories/24410	SECUNIA	Vendor Advisory
31	http://secunia.com/advisories/24455	SECUNIA
32	http://secunia.com/advisories/24456	SECUNIA
33	http://secunia.com/advisories/24457	SECUNIA
34	http://secunia.com/advisories/24522	SECUNIA	Vendor Advisory
35	http://secunia.com/advisories/24562	SECUNIA	Vendor Advisory
36	http://secunia.com/advisories/24650	SECUNIA	Vendor Advisory
37	http://secunia.com/advisories/24703	SECUNIA	Vendor Advisory
38	http://secunia.com/advisories/25588	SECUNIA
39	http://secunia.com/advisories/25597	SECUNIA
40	http://security.gentoo.org/glsa/glsa-200703-18.xml	GENTOO
41	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131	SLACKWARE
42	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947	SLACKWARE
43	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851	SLACKWARE
44	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1	SUNALERT
45	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1	SUNALERT
46	http://www.debian.org/security/2007/dsa-1336	DEBIAN
47	http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml	GENTOO
48	http://www.kb.cert.org/vuls/id/377812	CERT-VN	US Government Resource
49	http://www.mandriva.com/security/advisories?name=MDKSA-2007:050	MANDRIVA
50	http://www.mandriva.com/security/advisories?name=MDKSA-2007:052	MANDRIVA
51	http://www.mozilla.org/security/announce/2007/mfsa2007-06.html	CONFIRM	Patch Vendor Advisory
52	http://www.novell.com/linux/security/advisories/2007_22_mozilla.html	SUSE
53	http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html	CONFIRM
54	http://www.osvdb.org/32105	OSVDB
55	http://www.redhat.com/support/errata/RHSA-2007-0078.html	REDHAT
56	http://www.redhat.com/support/errata/RHSA-2007-0079.html	REDHAT
57	http://www.redhat.com/support/errata/RHSA-2007-0097.html	REDHAT
58	http://www.redhat.com/support/errata/RHSA-2007-0108.html	REDHAT
59	http://www.securityfocus.com/archive/1/461336/100/0/threaded	BUGTRAQ
60	http://www.securityfocus.com/archive/1/461809/100/0/threaded	BUGTRAQ
61	http://www.securityfocus.com/bid/22694	BID
62	http://www.securityfocus.com/bid/64758	BID
63	http://www.securitytracker.com/id?1017696	SECTRACK
64	http://www.ubuntu.com/usn/usn-428-1	UBUNTU
65	http://www.ubuntu.com/usn/usn-431-1	UBUNTU
66	http://www.vupen.com/english/advisories/2007/0718	VUPEN
67	http://www.vupen.com/english/advisories/2007/0719	VUPEN
68	http://www.vupen.com/english/advisories/2007/1165	VUPEN
69	http://www.vupen.com/english/advisories/2007/2141	VUPEN
70	https://bugzilla.mozilla.org/show_bug.cgi?id=364319	MISC	Vendor Advisory
71	https://exchange.xforce.ibmcloud.com/vulnerabilities/32666	XF
72	https://issues.rpath.com/browse/RPL-1081	CONFIRM
73	https://issues.rpath.com/browse/RPL-1103	CONFIRM
74	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502	OVAL

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:0.1:::::::*
cpe:2.3:a:mozilla:firefox:0.2:::::::*
cpe:2.3:a:mozilla:firefox:0.3:::::::*
cpe:2.3:a:mozilla:firefox:0.4:::::::*
cpe:2.3:a:mozilla:firefox:0.5:::::::*
cpe:2.3:a:mozilla:firefox:0.6:::::::*
cpe:2.3:a:mozilla:firefox:0.6.1:::::::*
cpe:2.3:a:mozilla:firefox:0.7:::::::*
cpe:2.3:a:mozilla:firefox:0.7.1:::::::*
cpe:2.3:a:mozilla:firefox:0.8:::::::*
cpe:2.3:a:mozilla:firefox:0.9:::::::*
cpe:2.3:a:mozilla:firefox:0.9:rc::::::
cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
cpe:2.3:a:mozilla:firefox:0.10:::::::*
cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0:::::::*
cpe:2.3:a:mozilla:firefox:1.0:preview_release::::::
cpe:2.3:a:mozilla:firefox:1.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.0.8:::::::*
cpe:2.3:a:mozilla:firefox:1.4.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::*
cpe:2.3:a:mozilla:firefox::::::::		1.5.0.9
cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::*
cpe:2.3:a:mozilla:firefox:2.0:::::::*
cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.2:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.3:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		1.0.7
cpe:2.3:a:mozilla:thunderbird:0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::*
cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::*
cpe:2.3:a:mozilla:thunderbird:0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		1.5.0.9