Vulnerabilità: CVE-2006-4340

Mozilla Network Security Service (NSS) libreria prima di 3.11.3, come quello usato in Mozilla Firefox prima di 1.5.0.7, Thunderbird 1.5.0.7, prima, e SeaMonkey 1.0.5 prima, quando si utilizza una chiave RSA con esponente 3, non gestire correttamente in più i dati in una firma, che consente agli aggressori remoti per le firme fucina di SSL / TLS ei certificati di posta elettronica, una vulnerabilità simile a CVE-2.006-4.339. NOTA: il 20061107, Mozilla ha rilasciato un advisory affermando che queste versioni non sono stati completamente modificati da MFSA2006-60. Le correzioni più recenti 1.5.0.7 sono coperti da CVE-2006-5462.


http://www.securityfocus.com/archive/1/446140/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
https://issues.rpath.com/browse/RPL-640
http://www.us.debian.org/security/2006/dsa-1191
http://www.debian.org/security/2006/dsa-1192
http://www.debian.org/security/2006/dsa-1210
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://security.gentoo.org/glsa/glsa-200610-01.xml
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://www.redhat.com/support/errata/RHSA-2006-0676.html
http://www.redhat.com/support/errata/RHSA-2006-0677.html
http://securitytracker.com/id?1016858
http://securitytracker.com/id?1016859
http://securitytracker.com/id?1016860
http://secunia.com/advisories/21903
http://secunia.com/advisories/21906
http://secunia.com/advisories/21915
http://secunia.com/advisories/21916
http://secunia.com/advisories/21939
http://secunia.com/advisories/21940
http://secunia.com/advisories/21949
http://secunia.com/advisories/21950
http://secunia.com/advisories/22001
http://secunia.com/advisories/22025
http://secunia.com/advisories/22036
http://secunia.com/advisories/22044
http://secunia.com/advisories/22055
http://secunia.com/advisories/22056
http://secunia.com/advisories/22066
http://secunia.com/advisories/22074
http://secunia.com/advisories/22088
http://secunia.com/advisories/22195
http://secunia.com/advisories/22210
http://secunia.com/advisories/22226
http://secunia.com/advisories/22247
http://secunia.com/advisories/22274
http://secunia.com/advisories/22299
http://secunia.com/advisories/22342
http://secunia.com/advisories/22422
http://secunia.com/advisories/22446
http://secunia.com/advisories/22849
http://secunia.com/advisories/22992
http://secunia.com/advisories/23883
http://secunia.com/advisories/24711
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
http://www.ubuntu.com/usn/usn-350-1
http://www.ubuntu.com/usn/usn-351-1
http://www.ubuntu.com/usn/usn-352-1
http://www.ubuntu.com/usn/usn-354-1
http://www.ubuntu.com/usn/usn-361-1
http://www.vupen.com/english/advisories/2006/3617
http://www.vupen.com/english/advisories/2006/3622
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi