CVE-2011-3640

NameCVE-2011-3640
Description** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-2339-1
NVD severityhigh (attack range: remote, user-initiated)
Debian Bugs647614
Debian/oldstablepackage chromium-browser is vulnerable; however, the security impact is unimportant.
Debian/stablepackage chromium-browser is vulnerable; however, the security impact is unimportant.
Debian/testingpackage chromium-browser is vulnerable; however, the security impact is unimportant.
Debian/unstablepackage chromium-browser is vulnerable; however, the security impact is unimportant.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)squeeze (security), squeeze6.0.472.63~r59945-5+squeeze6vulnerable
wheezy, wheezy (security)37.0.2062.120-1~deb7u1vulnerable
jessie, sid41.0.2272.76-2vulnerable
nss (PTS)squeeze (security), squeeze3.12.8-1+squeeze7fixed
squeeze (lts)3.12.8-1+squeeze11fixed
wheezy2:3.14.5-1+deb7u3fixed
wheezy (security)2:3.14.5-1+deb7u4fixed
jessie, sid2:3.17.2-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)(unfixed)unimportant
nsssource(unstable)3.13.1.with.ckbi.1.88-1low647614
nsssourcelenny3.12.3.1-0lenny7highDSA-2339-1
nsssourcesqueeze3.12.8-1+squeeze4highDSA-2339-1

Notes

[lenny] - nss <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
attacker needs to get malicious file into cwd first
http://seclists.org/fulldisclosure/2011/Oct/734

Search for package or bug name: Reporting problems