CVE-2011-3640 | Ubuntu

Description

Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	12.04 LTS precise	Not affected
	11.10 oneiric	Not affected
	11.04 natty	Not affected
	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	8.04 LTS hardy	Not in release
nss	12.04 LTS precise	Not affected
	11.10 oneiric	Ignored end of life
	11.04 natty	Ignored end of life
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Ignored end of life

Notes

tyhicks

Only programs calling NSS_NoDB_Init() are affected. Per Red Hat, most applications specify the path to the files rather than calling NSS_NoDB_Init(). Among other mitigating factors, attacker must plant file in root of current working directory. The CVE description mentions Chrome being affected but it is only affected on Windows and MacOS X. However, it is ultimately an NSS bug and the versions of NSS that we ship look to be affected.

mdeslaur

Attacker needs to create files in /, which only root can do. This isn't a security issue on Linux.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nss	Upstream: https://bugzilla.mozilla.org/attachment.cgi?id=564058 Vendor: http://lists.debian.org/debian-security-announce/2011/msg00215.html Vendor: https://rhn.redhat.com/errata/RHSA-2011-1444.html

References

Other references

https://www.cve.org/CVERecord?id=CVE-2011-3640