===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2594
        nss -- Use-after-free in TLS 1.2 generating handshake hashes
                              13 October 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           nss
Publisher:         FreeBSD
Operating System:  FreeBSD
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7805
Reference:         ASB-2017.0155
                   ESB-2017.2571
                   ESB-2017.2559
                   ESB-2017.2551

Original Bulletin:
   http://www.vuxml.org/freebsd/e71fd9d3-af47-11e7-a633-009c02a2ab30.html

--------------------------BEGIN INCLUDED TEXT--------------------

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Affected packages

  3.32 <= linux-c6-nss < 3.32.1
  3.28 <= linux-c6-nss < 3.28.6
  3.32 <= linux-c7-nss < 3.32.1
  3.28 <= linux-c7-nss < 3.28.6
  3.32 <= nss < 3.32.1
  3.28 <= nss < 3.28.6

Details

  VuXML ID   e71fd9d3-af47-11e7-a633-009c02a2ab30
  Discovery  2017-08-04
  Entry      2017-10-12

Mozilla reports:

  During TLS 1.2 exchanges, handshake hashes are generated which point to
  a message buffer. This saved data is used for later messages but in some
  cases, the handshake transcript can exceed the space available in the
  current buffer, causing the allocation of a new buffer. This leaves a
  pointer pointing to the old, freed buffer, resulting in a use-after-free
  when handshake hashes are then calculated afterwards. This can result in
  a potentially exploitable crash.

References

  CVE Name  CVE-2017-7805
  URL       https://hg.mozilla.org/projects/nss/rev/2d7b65b72290
  URL       https://hg.mozilla.org/projects/nss/rev/d3865e2957d0
  URL       https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
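The failure pattern in the Mozilla description above (a saved reference into a buffer that is later replaced by a new allocation), shown as an added example that is neither NSS code nor part of the bulletin. The `transcript` type and all function names are hypothetical, and saving an offset instead of an address is a general remedy assumed here, not a description of the NSS patch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable transcript buffer; illustrative only, not NSS's structures. */
typedef struct { uint8_t *data; size_t len, cap; } transcript;

/* Append n bytes. When space runs out, a new block is allocated and the old one freed. */
static int transcript_append(transcript *t, const uint8_t *msg, size_t n) {
    if (n > SIZE_MAX / 2 - t->len) return -1;          /* reject size overflow */
    if (t->len + n > t->cap) {
        size_t ncap = (t->len + n) * 2;
        uint8_t *nb = malloc(ncap);
        if (!nb) return -1;
        if (t->len) memcpy(nb, t->data, t->len);
        free(t->data);                                 /* every old address is now dead */
        t->data = nb; t->cap = ncap;
    }
    if (n) memcpy(t->data + t->len, msg, n);
    t->len += n;
    return 0;
}

/* Unsafe pattern: an address saved before growth. Returns 1 if it lies outside the live buffer. */
int saved_pointer_goes_stale(void) {
    transcript t = {0};
    uint8_t hello[16] = {1}, big[256] = {2};           /* constructed sample messages */
    if (transcript_append(&t, hello, sizeof hello)) return -1;
    uintptr_t saved = (uintptr_t)t.data;               /* kept as an integer, never dereferenced */
    if (transcript_append(&t, big, sizeof big)) { free(t.data); return -1; }
    uintptr_t lo = (uintptr_t)t.data;
    int stale = !(saved >= lo && saved < lo + t.cap);
    free(t.data);
    return stale;
}

/* Safer pattern: save an offset and resolve it against the current base at time of use. */
int saved_offset_survives_growth(void) {
    transcript t = {0};
    uint8_t hello[16], big[256];                       /* constructed sample messages */
    memset(hello, 0xA1, sizeof hello); memset(big, 0xB2, sizeof big);
    if (transcript_append(&t, hello, sizeof hello)) return -1;
    size_t off = 0, n = t.len;                         /* region to hash later */
    if (transcript_append(&t, big, sizeof big)) { free(t.data); return -1; }
    int ok = 1;
    for (size_t i = 0; i < n; i++) ok &= (t.data[off + i] == 0xA1);
    free(t.data);
    return ok;
}
int main(void) { return !(saved_pointer_goes_stale() == 1 && saved_offset_survives_growth() == 1); }
```

Building this with `-fsanitize=address` and dereferencing the saved address instead of comparing it would make the sanitizer report a heap-use-after-free at that read.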