漏洞信息(CVE-2007-0009)

一、漏洞 CVE-2007-0009 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

## 漏洞概述 SSLv2支持中存在基于堆栈的缓冲区溢出漏洞，影响Mozilla Network Security Services (NSS) 早期版本。该漏洞允许远程攻击者通过无效的"Client Master Key"长度值执行任意代码。 ## 影响版本 - Mozilla Network Security Services (NSS) 3.11.5之前的版本 - Firefox 1.5.0.10之前的1.x版本，2.0.0.2之前的2.x版本 - Thunderbird 1.5.0.10之前的版本 - SeaMonkey 1.0.8之前的版本 - 某些Sun Java System服务器产品20070611之前的版本 ## 漏洞细节该漏洞源于SSLv2支持中的缓冲区溢出问题，当处理无效的"Client Master Key"长度值时，可能导致越界写入堆栈缓冲区。攻击者可以利用此漏洞植入恶意代码并执行远程代码。 ## 影响远程攻击者可以利用此漏洞执行任意代码，可能导致系统控制权的丧失及其他安全风险。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Mozilla Network Security Services 缓冲区错误漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Mozilla Firefox/SeaMonkey/Thunderbird都是Mozilla发布的WEB浏览器和邮件新闻组客户端产品。 Mozilla Network Security Services 3.11.5之前版本中存在缓冲区错误漏洞。攻击者可利用该漏洞执行任意代码。以下产品及版本受到影响：Mozilla Firefox 1.5.0.10之前的1.5.x版本，2.0.0.2之前的2.0.0.x版本；Thunderbird 1.5.0.10之前版本；SeaMonkey 1.0.8之前版本；Debi

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

缓冲区错误

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2007-0009 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2007-0009 的情报信息

https://issues.rpath.com/browse/RPL-1103 x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=364323 x_refsource_MISC
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1081 x_refsource_CONFIRM
http://secunia.com/advisories/24410 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24287 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24343 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24342 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24456 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24293 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24389 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24253 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24333 third-party-advisory x_refsource_SECUNIA
http://www.osvdb.org/32106 vdb-entry x_refsource_OSVDB
http://secunia.com/advisories/24650 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25588 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24457 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24406 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24384 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/64758 vdb-entry x_refsource_BID
http://secunia.com/advisories/24277 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24290 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24455 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24522 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24395 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24703 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25597 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/24562 third-party-advisory x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1 vendor-advisory x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1 vendor-advisory x_refsource_SUNALERT
http://www.securitytracker.com/id?1017696 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1336 vendor-advisory x_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-428-1 vendor-advisory x_refsource_UBUNTU
http://www.kb.cert.org/vuls/id/592796 third-party-advisory x_refsource_CERT-VN
http://www.ubuntu.com/usn/usn-431-1 vendor-advisory x_refsource_UBUNTU
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2007/2141 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/0718 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/1165 vdb-entry x_refsource_VUPEN
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc vendor-advisory x_refsource_SGI
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc vendor-advisory x_refsource_SGI
http://www.vupen.com/english/advisories/2007/0719 vdb-entry x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2007-0079.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 vendor-advisory x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2007-0077.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2007-0078.html vendor-advisory x_refsource_REDHAT
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml vendor-advisory x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2007-0108.html vendor-advisory x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200703-18.xml vendor-advisory x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2007-0097.html vendor-advisory x_refsource_REDHAT
http://fedoranews.org/cms/node/2711 vendor-advisory x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 vendor-advisory x_refsource_SLACKWARE
http://fedoranews.org/cms/node/2709 vendor-advisory x_refsource_FEDORA
http://fedoranews.org/cms/node/2747 vendor-advisory x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851 vendor-advisory x_refsource_SLACKWARE
http://fedoranews.org/cms/node/2749 vendor-advisory x_refsource_FEDORA
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947 vendor-advisory x_refsource_SLACKWARE
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html vendor-advisory x_refsource_SUSE
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html vendor-advisory x_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663 vdb-entry x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174 vdb-entry signature x_refsource_OVAL
http://www.securityfocus.com/archive/1/461336/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/461809/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 third-party-advisory x_refsource_IDEFENSE
https://nvd.nist.gov/vuln/detail/CVE-2007-0009

一、 漏洞 CVE-2007-0009 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2007-0009 的公开POC

三、漏洞 CVE-2007-0009 的情报信息

一、漏洞 CVE-2007-0009 基础信息