漏洞信息(CVE-2007-0008)

一、漏洞 CVE-2007-0008 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

"在Mozilla网络安全服务(NSS)支持的SSLv2中，在3.11.5之前，例如在Firefox 1.5.0.10和2.x之前，2.0.0.2之前，SeaMonkey 1.0.8之前，Thunderbird 1.5.0.10之前以及某些Sun Java System服务器产品20070611之前，通过构造 SSLv2 服务器消息，允许远程攻击者执行任意代码，其中包含的公钥太短，无法加密“核心秘密”，导致堆栈溢出。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Mozilla Firefox/SeaMonkey/Thunderbird多个远程安全漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Mozilla Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。网络安全服务(NSS)代码在处理SSLv2服务器消息时存在整数下溢错误。如果证书的公钥过小无法加密Master Secret的话，则用户使用了该证书就会触发堆溢出，导致执行任意代码。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

数字错误

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2007-0008 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2007-0008 的情报信息

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1103 x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=364319 x_refsource_MISC
https://issues.rpath.com/browse/RPL-1081 x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html x_refsource_CONFIRM
http://secunia.com/advisories/24650 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24562 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24320 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25588 third-party-advisory x_refsource_SECUNIA
http://www.osvdb.org/32105 vdb-entry x_refsource_OSVDB
http://secunia.com/advisories/24293 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24238 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24456 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24342 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24287 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24522 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/22694 vdb-entry x_refsource_BID
http://secunia.com/advisories/24205 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24389 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24410 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24333 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/64758 vdb-entry x_refsource_BID
http://secunia.com/advisories/24290 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24455 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24457 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25597 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24703 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24395 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24328 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24253 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24406 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24384 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24252 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24343 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24277 third-party-advisory x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1 vendor-advisory x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1 vendor-advisory x_refsource_SUNALERT
http://www.securitytracker.com/id?1017696 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1336 vendor-advisory x_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/377812 third-party-advisory x_refsource_CERT-VN
http://www.ubuntu.com/usn/usn-431-1 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/usn-428-1 vendor-advisory x_refsource_UBUNTU
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 vendor-advisory x_refsource_HP
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc vendor-advisory x_refsource_SGI
http://www.vupen.com/english/advisories/2007/0718 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2141 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/0719 vdb-entry x_refsource_VUPEN
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc vendor-advisory x_refsource_SGI
http://www.vupen.com/english/advisories/2007/1165 vdb-entry x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2007-0079.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2007-0078.html vendor-advisory x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2007-0077.html vendor-advisory x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml vendor-advisory x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 vendor-advisory x_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-200703-18.xml vendor-advisory x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2007-0097.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2007-0108.html vendor-advisory x_refsource_REDHAT
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 vendor-advisory x_refsource_SLACKWARE
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 vendor-advisory x_refsource_SLACKWARE
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 vendor-advisory x_refsource_SLACKWARE
http://fedoranews.org/cms/node/2709 vendor-advisory x_refsource_FEDORA
http://fedoranews.org/cms/node/2711 vendor-advisory x_refsource_FEDORA
http://fedoranews.org/cms/node/2749 vendor-advisory x_refsource_FEDORA
http://fedoranews.org/cms/node/2747 vendor-advisory x_refsource_FEDORA
http://fedoranews.org/cms/node/2713 vendor-advisory x_refsource_FEDORA
http://fedoranews.org/cms/node/2728 vendor-advisory x_refsource_FEDORA
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html vendor-advisory x_refsource_SUSE
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html vendor-advisory x_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/32666 vdb-entry x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502 vdb-entry signature x_refsource_OVAL
http://www.securityfocus.com/archive/1/461336/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/461809/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482 third-party-advisory x_refsource_IDEFENSE
https://nvd.nist.gov/vuln/detail/CVE-2007-0008

一、 漏洞 CVE-2007-0008 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2007-0008 的公开POC

三、漏洞 CVE-2007-0008 的情报信息

一、漏洞 CVE-2007-0008 基础信息