CVE-2011-3640

NameCVE-2011-3640
DescriptionUntrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2339-1
Debian Bugs647614

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium-browser (PTS)jessie, jessie (lts)57.0.2987.98-1~deb8u1vulnerable
stretch (security), stretch (lts), stretch71.0.3578.80-1~deb9u1vulnerable
nss (PTS)jessie, jessie (lts)2:3.26-1+debu8u18fixed
stretch (security)2:3.26.2-1.1+deb9u5fixed
stretch (lts), stretch2:3.26.2-1.1+deb9u7fixed
buster2:3.42.1-1+deb10u5fixed
buster (security)2:3.42.1-1+deb10u8fixed
bullseye (security), bullseye2:3.61-1+deb11u3fixed
bookworm2:3.87.1-1fixed
sid, trixie2:3.101-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromium-browsersource(unstable)(unfixed)unimportant
nsssourcelenny3.12.3.1-0lenny7DSA-2339-1
nsssourcesqueeze3.12.8-1+squeeze4DSA-2339-1
nsssource(unstable)3.13.1.with.ckbi.1.88-1low647614

Notes

[lenny] - nss <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Minor issue)
attacker needs to get malicious file into cwd first
http://seclists.org/fulldisclosure/2011/Oct/734

Search for package or bug name: Reporting problems