PT-2013-5676 · Mozilla+4 · Network Security Services+4

Publicado

2013-11-15

·

Atualizado

2018-10-09

·

CVE-2013-5606

CVSS v2.0

5.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions 3.15 through 3.15.2
Description The issue is related to the CERT VerifyCert function in lib/certhigh/certvfy.c, which provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid. This might allow remote attackers to bypass intended access restrictions via a crafted certificate.
Recommendations For Mozilla Network Security Services (NSS) versions 3.15 through 3.15.2, update to version 3.15.3 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2013-1148
CESA-2013_1829
CVE-2013-5606
DLA-23-1
DSA-2994-1
MGASA-2013-0337
RHSA-2013:1791
RHSA-2013:1829
RHSA-2013_1791
RHSA-2013_1829
RHSA-2014:0041

Produtos afetados

Alt Linux
Centos
Network Security Services
Red Hat
Suse