CVE-2011-3640

Published: 28 October 2011

** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Priority

Low

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(MacOS X and Windows only)
nss
Launchpad, Ubuntu, Debian
Upstream
Released (3.13)
Patches:
Upstream: https://bugzilla.mozilla.org/attachment.cgi?id=564058
Vendor: http://lists.debian.org/debian-security-announce/2011/msg00215.html
Vendor: https://rhn.redhat.com/errata/RHSA-2011-1444.html

Notes

AuthorNote
tyhicks
Only programs calling NSS_NoDB_Init() are affected.
Per Red Hat, most applications specify the path to the files rather
than calling NSS_NoDB_Init().
Among other mitigating factors, attacker must plant file in root of
current working directory.
The CVE description mentions Chrome being affected but it is only
affected on Windows and MacOS X. However, it is ultimately an NSS
bug and the versions of NSS that we ship look to be affected.
mdeslaur
Attacker needs to create files in /, which only root can do.
This isn't a security issue on Linux.

References

Bugs