CVE-2011-3640

NameCVE-2011-3640
Description** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2339-1
NVD severityhigh (attack range: remote)
Debian Bugs647614

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie (security), jessie57.0.2987.98-1~deb8u1vulnerable
stretch63.0.3239.84-1~deb9u1vulnerable
stretch (security)69.0.3497.92-1~deb9u1vulnerable
buster69.0.3497.92-1vulnerable
sid70.0.3538.67-1vulnerable
nss (PTS)jessie (security), jessie2:3.26-1+debu8u3fixed
stretch (security), stretch2:3.26.2-1.1+deb9u1fixed
buster, sid2:3.39-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)(unfixed)unimportant
nsssource(unstable)3.13.1.with.ckbi.1.88-1low647614
nsssourcelenny3.12.3.1-0lenny7highDSA-2339-1
nsssourcesqueeze3.12.8-1+squeeze4highDSA-2339-1

Notes

[lenny] - nss <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
attacker needs to get malicious file into cwd first
http://seclists.org/fulldisclosure/2011/Oct/734

Search for package or bug name: Reporting problems