Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2011-3640

Back to Search

SUSE Linux Security Vulnerability: CVE-2011-3640

Severity
7
CVSS
(AV:N/AC:H/Au:S/C:C/I:C/A:C)
Published
10/27/2011
Created
07/25/2018
Added
02/17/2015
Modified
05/11/2020

Description

** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

Solution(s)

  • suse-upgrade-libfreebl3
  • suse-upgrade-libfreebl3-32bit
  • suse-upgrade-libsoftokn3
  • suse-upgrade-libsoftokn3-32bit
  • suse-upgrade-mozilla-nss
  • suse-upgrade-mozilla-nss-32bit
  • suse-upgrade-mozilla-nss-certs
  • suse-upgrade-mozilla-nss-certs-32bit
  • suse-upgrade-mozilla-nss-devel
  • suse-upgrade-mozilla-nss-sysinit
  • suse-upgrade-mozilla-nss-sysinit-32bit
  • suse-upgrade-mozilla-nss-tools
  • suse-upgrade-seamonkey
  • suse-upgrade-seamonkey-dom-inspector
  • suse-upgrade-seamonkey-irc
  • suse-upgrade-seamonkey-translations-common
  • suse-upgrade-seamonkey-translations-other
  • suse-upgrade-seamonkey-venkman

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;