[NEWS] NSS Library Memory Leak DoS

From: SecuriTeam <support@xxxxxxxxxxxxxx>
Date: 26 Jun 2006 16:06:20 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

NSS Library Memory Leak DoS
------------------------------------------------------------------------

SUMMARY

" <http://www.mozilla.org/projects/security/pki/nss/> Network Security
Services (NSS) is a set of libraries designed to support cross-platform
development of security-enabled client and server applications. "

Improper handling of memory allocation can cause NSS to leak out memory
causing a DoS condition.

DETAILS

Vulnerable Systems:
* NSS version 3.10.2.0
* NSS version 3.9.3.0

Reportedly the Network Security Services (NSS) library will leak 256 bytes
of memory per RSA cryptographic operation. After a certain amount of time,
this causes the system to run out of memory and may lead to a system hang
or panic state.

Disclosure Timeline:
23-Jun-2006 - Vulnerability researched
26-Jun-2006 - Detailed research
26-Jun-2006 - Vendor and Netscape developers was contacted
26-Jun-2006 - Security companies and several CERT units contacted

ADDITIONAL INFORMATION

The information has been provided by <mailto:juha-matti.laurio@xxxxxxxx>
Juha-Matti Laurio.
Sun advisory:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1>
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Prev by Date: [NT] ADOdb Library for PHP XSS
Next by Date: [TOOL] lorcon - Loss of Radio Connectivity
Previous by thread: [NT] ADOdb Library for PHP XSS
Next by thread: [TOOL] lorcon - Loss of Radio Connectivity
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] [ GLSA 200610-06 ] Mozilla Network Security Service (NSS): RSA signature f
... Title: Mozilla Network Security Service (NSS): RSA signature ... The Mozilla Network Security Service is a library implementing security ... number of RSA signature implementations, ...
(Full-Disclosure)
[ GLSA 200610-06 ] Mozilla Network Security Service (NSS): RSA signature forgery
... Title: Mozilla Network Security Service (NSS): RSA signature ... The Mozilla Network Security Service is a library implementing security ... number of RSA signature implementations, ...
(Bugtraq)
[UNIX] Linux Kernel binfmt_elf ELF Loader Privilege Escalation
... Get your security news from a reliable source. ... or in other words to execute a new program. ... One of the Linux format loaders is the ELF (Executable and Linkable ... of the memory map header in the binary image and the program ...
(Securiteam)
[NEWS] Xbox 360 Hypervisor Privilege Escalation Vulnerability
... Get your security news from a reliable source. ... Xbox 360 Hypervisor Privilege Escalation Vulnerability ... access to memory and provides encryption and decryption services. ... to the syscall dispatcher, as illustrated below. ...
(Securiteam)
Re: Executable Memory in a Driver
... >> criminal to expose users to the added bluescreen and security risk. ... In a language that can't access outside an array, ... that doesn't need to move memory. ... > desired in the compiler. ...
(microsoft.public.development.device.drivers)