Details of VAR-201603-0244

ID

VAR-201603-0244

CVE

CVE-2016-1950

TITLE

Mozilla Firefox Used in Network Security Services Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-001841

DESCRIPTION

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR prior to 38.7 38.x, Mozilla NSS prior to 3.19.2.3, 3.20.x, 3.21.1 prior to 3.21.x. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. CVE-2016-1978 Eric Rescorla discovered a user-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1. For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1. We recommend that you upgrade your nss packages. 5 client) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: nss-util security update Advisory ID: RHSA-2016:0370-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0370.html Issue date: 2016-03-09 CVE Names: CVE-2016-1950 ===================================================================== 1. Summary: Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter. All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm ppc64: nss-util-3.19.1-5.el6_7.ppc.rpm nss-util-3.19.1-5.el6_7.ppc64.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc64.rpm nss-util-devel-3.19.1-5.el6_7.ppc.rpm nss-util-devel-3.19.1-5.el6_7.ppc64.rpm s390x: nss-util-3.19.1-5.el6_7.s390.rpm nss-util-3.19.1-5.el6_7.s390x.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390x.rpm nss-util-devel-3.19.1-5.el6_7.s390.rpm nss-util-devel-3.19.1-5.el6_7.s390x.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm ppc64: nss-util-3.19.1-9.el7_2.ppc.rpm nss-util-3.19.1-9.el7_2.ppc64.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64.rpm nss-util-devel-3.19.1-9.el7_2.ppc.rpm nss-util-devel-3.19.1-9.el7_2.ppc64.rpm ppc64le: nss-util-3.19.1-9.el7_2.ppc64le.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64le.rpm nss-util-devel-3.19.1-9.el7_2.ppc64le.rpm s390x: nss-util-3.19.1-9.el7_2.s390.rpm nss-util-3.19.1-9.el7_2.s390x.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390x.rpm nss-util-devel-3.19.1-9.el7_2.s390.rpm nss-util-devel-3.19.1-9.el7_2.s390x.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1950 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-36 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW3580XlSAg2UNWIIRAovDAJwKx54WxiK95+n4U/9G+nDl0wRlYwCeM1lR iGa2ZA5NBkpEYzNEuWdBT74= =dxl7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . From: Chris Coulson <chris.coulson@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <ddfb479b-517b-e545-310d-f41a8e0b992a@canonical.com> Subject: [USN-2917-3] Firefox regressions ============================================================================ Ubuntu Security Notice USN-2917-3 April 19, 2016 firefox regressions ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-2917-1 introduced several regressions in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jyl=C3=A4nki discovered multiple memory safety issues in Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. (CVE-2016-1961) Dominique Haza=C3=ABl-Massieux discovered a use-after-free when using multiple WebRTC data channels. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. (CVE-2016-1963) Nicolas Gr=C3=A9goire discovered a use-after-free during XML transformations. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: firefox 45.0.2+build1-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: firefox 45.0.2+build1-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 45.0.2+build1-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes

Trust: 2.25

sources: NVD: CVE-2016-1950 // JVNDB: JVNDB-2016-001841 // VULHUB: VHN-90769 // PACKETSTORM: 139002 // PACKETSTORM: 136826 // PACKETSTORM: 136148 // PACKETSTORM: 136133 // PACKETSTORM: 136131 // PACKETSTORM: 136723

AFFECTED PRODUCTS

vendor:	oracle	model:	iplanet web proxy server	scope:	eq	version:	4.0	Trust: 1.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	7.0	Trust: 1.8
vendor:	oracle	model:	glassfish server	scope:	eq	version:	2.1.1	Trust: 1.8
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.20.1	Trust: 1.6
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.20	Trust: 1.6
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.21	Trust: 1.6
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.19.2	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.2.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lte	version:	44.0.2	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.6.1	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.2.1	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	9.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.1.0	Trust: 1.0
vendor:	oracle	model:	vm server	scope:	eq	version:	3.2	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.2.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.0.5	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.3.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.1.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.4.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.3	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	5.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.0.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.5.1	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.6.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.5.0	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	(ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch sport)	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.21.1	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 to 10.11.3	Trust: 0.8
vendor:	oracle	model:	vm server	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	9.2	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch hermes)	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	lt	version:	3.21.x	Trust: 0.8
vendor:	mozilla	model:	firefox esr	scope:	eq	version:	38.7	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	(iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	(ipod touch first 5 after generation )	Trust: 0.8
vendor:	oracle	model:	linux	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch)	Trust: 0.8
vendor:	opensuse	model:	opensuse	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.20.x	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	(apple tv first 4 generation )	Trust: 0.8
vendor:	mozilla	model:	firefox esr	scope:	lt	version:	38.x	Trust: 0.8

sources: JVNDB: JVNDB-2016-001841 // CNNVD: CNNVD-201603-136 // NVD: CVE-2016-1950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1950
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1950
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201603-136
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90769
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1950
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90769
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1950
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // CNNVD: CNNVD-201603-136 // NVD: CVE-2016-1950

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // NVD: CVE-2016-1950

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136148 // CNNVD: CNNVD-201603-136

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201603-136

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001841

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90769

PATCH

title:	APPLE-SA-2016-03-21-1 iOS 9.3	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-2 watchOS 2.2	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-3 tvOS 9.2	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Trust: 0.8
title:	HT206168	url:	https://support.apple.com/en-us/HT206168	Trust: 0.8
title:	HT206169	url:	https://support.apple.com/en-us/HT206169	Trust: 0.8
title:	HT206166	url:	https://support.apple.com/en-us/HT206166	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/en-us/HT206167	Trust: 0.8
title:	HT206166	url:	http://support.apple.com/ja-jp/HT206166	Trust: 0.8
title:	HT206167	url:	http://support.apple.com/ja-jp/HT206167	Trust: 0.8
title:	HT206168	url:	http://support.apple.com/ja-jp/HT206168	Trust: 0.8
title:	HT206169	url:	http://support.apple.com/ja-jp/HT206169	Trust: 0.8
title:	NSS 3.19.2.3 release notes	url:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	Trust: 0.8
title:	NSS 3.21.1 release notes	url:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	Trust: 0.8
title:	MFSA2016-35	url:	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	Trust: 0.8
title:	MFSA2016-35	url:	http://www.mozilla-japan.org/security/announce/2016/mfsa2016-35.html	Trust: 0.8
title:	openSUSE-SU-2016:1557	url:	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html	Trust: 0.8
title:	Oracle Linux Bulletin - January 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Trust: 0.8
title:	Oracle VM Server for x86 Bulletin - July 2016	url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 0.8
title:	October 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update	Trust: 0.8
title:	Mozilla Firefox and Firefox ESR Network Security Services Fixes for heap-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60496	Trust: 0.6

sources: JVNDB: JVNDB-2016-001841 // CNNVD: CNNVD-201603-136

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1950	Trust: 3.1
db:	BID	id:	84223	Trust: 1.7
db:	SECTRACK	id:	1035215	Trust: 1.7
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001841	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-136	Trust: 0.7
db:	PACKETSTORM	id:	136148	Trust: 0.2
db:	PACKETSTORM	id:	136131	Trust: 0.2
db:	PACKETSTORM	id:	136826	Trust: 0.2
db:	PACKETSTORM	id:	136133	Trust: 0.2
db:	PACKETSTORM	id:	136723	Trust: 0.2
db:	PACKETSTORM	id:	136146	Trust: 0.1
db:	PACKETSTORM	id:	136614	Trust: 0.1
db:	PACKETSTORM	id:	136304	Trust: 0.1
db:	PACKETSTORM	id:	136152	Trust: 0.1
db:	PACKETSTORM	id:	136394	Trust: 0.1
db:	VULHUB	id:	VHN-90769	Trust: 0.1
db:	PACKETSTORM	id:	139002	Trust: 0.1

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // PACKETSTORM: 139002 // PACKETSTORM: 136826 // PACKETSTORM: 136148 // PACKETSTORM: 136133 // PACKETSTORM: 136131 // PACKETSTORM: 136723 // CNNVD: CNNVD-201603-136 // NVD: CVE-2016-1950

REFERENCES

url:	http://www.securityfocus.com/bid/84223	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3510	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3520	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3688	Trust: 2.3
url:	http://www.ubuntu.com/usn/usn-2917-1	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2917-3	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2924-1	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2934-1	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html	Trust: 1.7
url:	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa119	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	Trust: 1.7
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.2.3_release_notes	Trust: 1.7
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.21.1_release_notes	Trust: 1.7
url:	https://support.apple.com/ht206166	Trust: 1.7
url:	https://support.apple.com/ht206167	Trust: 1.7
url:	https://support.apple.com/ht206168	Trust: 1.7
url:	https://support.apple.com/ht206169	Trust: 1.7
url:	https://security.gentoo.org/glsa/201605-06	Trust: 1.7
url:	http://rhn.redhat.com/errata/rhsa-2016-0495.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1035215	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-2917-2	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1950	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1950	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1950	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1957	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2795	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1974	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2794	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2798	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2796	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1961	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2797	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2793	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1954	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1964	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2799	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1960	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2800	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2801	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1966	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-1950	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2016-36	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2834	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1979	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1938	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7182	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1978	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4000	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7575	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.12.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2791	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.14.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1977	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2792	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2802	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.15.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1952	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.14.04.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.15.10.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.12.04.3	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0371.html	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0370.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1955	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1965	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.12.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1953	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.14.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1958	Trust: 0.1
url:	https://launchpad.net/bugs/1572169	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1956	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.15.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1968	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1967	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1973	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1962	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1963	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1959	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.3

sources: PACKETSTORM: 136826 // PACKETSTORM: 136148 // PACKETSTORM: 136723

SOURCES

db:	VULHUB	id:	VHN-90769
db:	JVNDB	id:	JVNDB-2016-001841
db:	PACKETSTORM	id:	139002
db:	PACKETSTORM	id:	136826
db:	PACKETSTORM	id:	136148
db:	PACKETSTORM	id:	136133
db:	PACKETSTORM	id:	136131
db:	PACKETSTORM	id:	136723
db:	CNNVD	id:	CNNVD-201603-136
db:	NVD	id:	CVE-2016-1950

LAST UPDATE DATE

2025-04-04T22:15:39.631000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90769	date:	2019-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-001841	date:	2016-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201603-136	date:	2019-12-30T00:00:00
db:	NVD	id:	CVE-2016-1950	date:	2024-11-21T02:47:24.970

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90769	date:	2016-03-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-001841	date:	2016-03-24T00:00:00
db:	PACKETSTORM	id:	139002	date:	2016-10-06T20:59:47
db:	PACKETSTORM	id:	136826	date:	2016-04-28T00:01:48
db:	PACKETSTORM	id:	136148	date:	2016-03-10T14:56:40
db:	PACKETSTORM	id:	136133	date:	2016-03-09T15:26:06
db:	PACKETSTORM	id:	136131	date:	2016-03-09T15:25:30
db:	PACKETSTORM	id:	136723	date:	2016-04-19T22:52:37
db:	CNNVD	id:	CNNVD-201603-136	date:	2016-03-11T00:00:00
db:	NVD	id:	CVE-2016-1950	date:	2016-03-13T18:59:00.193