CVE-2011-3640

Name: CVE-2011-3640
Description: ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
Source: CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2339-1
NVD severity: high (attack range: remote)
Debian Bugs: 647614

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| chromium-browser (PTS) | wheezy (security), wheezy | 37.0.2062.120-1~deb7u1 | vulnerable |
| | jessie | 49.0.2623.108-1~deb8u1 | vulnerable |
| | jessie (security) | 50.0.2661.75-1~deb8u1 | vulnerable |
| | stretch | 49.0.2623.108-1 | vulnerable |
| | sid | 50.0.2661.75-2 | vulnerable |
| nss (PTS) | wheezy (security), wheezy | 2:3.14.5-1+deb7u5 | fixed |
| | jessie | 2:3.17.2-1.1+deb8u2 | fixed |
| | jessie (security) | 2:3.17.2-1.1+deb8u1 | fixed |
| | stretch, sid | 2:3.23-2 | fixed |

The information below is based on the following data on fixed versions.

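| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| chromium-browser | source | (unstable) | (unfixed) | unimportant | | |
| nss | source | (unstable) | 3.13.1.with.ckbi.1.88-1 | low | | 647614 |
| nss | source | lenny | 3.12.3.1-0lenny7 | high | DSA-2339-1 | |
| nss | source | squeeze | 3.12.8-1+squeeze4 | high | DSA-2339-1 | |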

Notes

[lenny] - nss <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
attacker needs to get malicious file into cwd first
http://seclists.org/fulldisclosure/2011/Oct/734
