Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2011-3640

Published: 28 October 2011

** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Notes

AuthorNote
tyhicks
Only programs calling NSS_NoDB_Init() are affected.
Per Red Hat, most applications specify the path to the files rather
than calling NSS_NoDB_Init().
Among other mitigating factors, attacker must plant file in root of
current working directory.
The CVE description mentions Chrome being affected but it is only
affected on Windows and MacOS X. However, it is ultimately an NSS
bug and the versions of NSS that we ship look to be affected.
mdeslaur
Attacker needs to create files in /, which only root can do.
This isn't a security issue on Linux.

Priority

Low

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(MacOS X and Windows only)
maverick Not vulnerable
(MacOS X and Windows only)
natty Not vulnerable
(MacOS X and Windows only)
oneiric Not vulnerable
(MacOS X and Windows only)
precise Not vulnerable
(MacOS X and Windows only)
upstream Not vulnerable
(MacOS X and Windows only)
nss
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid Ignored
(end of life)
maverick Ignored
(end of life)
natty Ignored
(end of life)
oneiric Ignored
(end of life)
precise Not vulnerable
(3.13.1.with.ckbi.1.88-1ubuntu6)
upstream
Released (3.13)
Patches:
upstream: https://bugzilla.mozilla.org/attachment.cgi?id=564058
vendor: http://lists.debian.org/debian-security-announce/2011/msg00215.html
vendor: https://rhn.redhat.com/errata/RHSA-2011-1444.html