Executive Summary

Summary
Title Updated mozilla packages fix a buffer overflow
Informations
Name RHSA-2005:038 First vendor Publication 2005-01-13
Vendor RedHat Last vendor Modification 2005-01-13
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated mozilla packages that fix a buffer overflow issue are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

iSEC Security Research has discovered a buffer overflow bug in the way Mozilla handles NNTP URLs. If a user visits a malicious web page or is convinced to click on a malicious link, it may be possible for an attacker to execute arbitrary code on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1316 to this issue.

Users of Mozilla should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

143994 - CAN-2004-1316 buffer overflow in mozilla

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-038.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:100052
 
Oval ID: oval:org.mitre.oval:def:100052
Title: Mozilla Malicious news: Vulnerability
Description: Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
Family: windows Class: vulnerability
Reference(s): CVE-2004-1316
 Version: 5
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s): mozilla
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9808
 
Oval ID: oval:org.mitre.oval:def:9808
Title: Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
Description: Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
Family: unix Class: vulnerability
Reference(s): CVE-2004-1316
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 22

OpenVAS Exploits

Date Description
2009-05-05 Name : HP-UX Update for Mozilla remote HPSBUX01133
File : nvt/gb_hp_ux_HPSBUX01133.nasl
2008-09-04 Name : mozilla -- heap overflow in NNTP handler
File : nvt/freebsd_de-netscape7.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
12637 Mozilla nsNNTPProtocol.cpp NNTP news:// URI Handling Overflow DoS

Mozilla contains a flaw that may allow a malicious user to crash the application. The issue is triggered when a user sends a specially crafted, overly long "news://" URI. causing a buffer overflow within the 'MSG_UnEscapeSearchUrl()' function within "nsNNTPProtocol.cpp" occurs. It is possible that the flaw may allow an attacker to crash mozilla resulting in a loss of availability.

Snort® IPS/IDS

Date Description
2014-01-10 Mozilla NNTP URL Handling Buffer Overflow attempt
RuleID : 17482 - Revision : 13 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2005-07-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3fbf9db2658b11d9abad000a95bc6fae.nasl - Type : ACT_GATHER_INFO
2005-03-25 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-335.nasl - Type : ACT_GATHER_INFO
2005-01-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2005-038.nasl - Type : ACT_GATHER_INFO
2005-01-02 Name : A web browser on the remote host is prone to a heap overflow attack.
File : mozilla_nntp_heap_overflow.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:48:55
  • Multiple Updates