Vulnerabilities > CVE-2009-2408 - Improper Certificate Validation vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
high complexity
mozilla
suse
opensuse
debian
canonical
CWE-295
nessus
exploit available

Summary

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.

Vulnerable Configurations

Part Description Count
Application
Mozilla
237
OS
Suse
3
OS
Opensuse
4
OS
Debian
1
OS
Canonical
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .

Exploit-Db

descriptionMozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. CVE-2009-2408. Remote exploit for linux platform
idEDB-ID:33128
last seen2016-02-03
modified2009-06-30
published2009-06-30
reporterDan Kaminsky
sourcehttps://www.exploit-db.com/download/33128/
titleMozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42433
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42433
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-006)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(42433);
      script_version("1.27");
    
      script_cve_id(
        "CVE-2007-5707",
        "CVE-2007-6698",
        "CVE-2008-0658",
        "CVE-2008-5161",
        "CVE-2009-0023",
        "CVE-2009-1191",
        "CVE-2009-1195",
        "CVE-2009-1574",
        "CVE-2009-1632",
        "CVE-2009-1890",
        "CVE-2009-1891",
        "CVE-2009-1955",
        "CVE-2009-1956",
        "CVE-2009-2408",
        "CVE-2009-2409",
        "CVE-2009-2411",
        "CVE-2009-2412",
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2666",
        "CVE-2009-2808",
        "CVE-2009-2818",
        "CVE-2009-2819",
        "CVE-2009-2820",
        "CVE-2009-2823",
        "CVE-2009-2824",
        "CVE-2009-2825",
        "CVE-2009-2826",
        "CVE-2009-2827",
        "CVE-2009-2828",
        "CVE-2009-2829",
        "CVE-2009-2831",
        "CVE-2009-2832",
        "CVE-2009-2833",
        "CVE-2009-2834",
        "CVE-2009-2837",
        "CVE-2009-2838",
        "CVE-2009-2839",
        "CVE-2009-2840",
        "CVE-2009-3111",
        "CVE-2009-3291",
        "CVE-2009-3292",
        "CVE-2009-3293"
      );
      script_bugtraq_id(
        26245,
        27778,
        34663,
        35115,
        35221,
        35251,
        35565,
        35623,
        35888,
        35983,
        36263,
        36449,
        36959,
        36961,
        36962,
        36963,
        36964,
        36966,
        36967,
        36972,
        36973,
        36975,
        36977,
        36978,
        36979,
        36982,
        36985,
        36988,
        36990
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
      script_summary(english:"Check for the presence of Security Update 2009-006");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 that does not
    have Security Update 2009-006 applied.
    
    This security update contains fixes for the following products :
    
      - AFP Client
      - Adaptive Firewall
      - Apache
      - Apache Portable Runtime
      - ATS
      - Certificate Assistant
      - CoreGraphics
      - CUPS
      - Dictionary
      - DirectoryService
      - Disk Images
      - Event Monitor
      - fetchmail
      - FTP Server
      - Help Viewer
      - International Components for Unicode
      - IOKit
      - IPSec
      - libsecurity
      - libxml
      - OpenLDAP
      - OpenSSH
      - PHP
      - QuickDraw Manager
      - QuickLook
      - FreeRADIUS
      - Screen Sharing
      - Spotlight
      - Subversion"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3937"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18255"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2009-006 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
      script_cvs_date("Date: 2018/07/16 12:48:31");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ72837.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63813
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63813
    titleAIX 5.3 TL 11 : sendmail (IZ72837)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-203.NASL
    descriptionA vulnerability has been found and corrected in curl : lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id40597
    published2009-08-17
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40597
    titleMandriva Linux Security Advisory : curl (MDVSA-2009:203-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBNEON-DEVEL-091012.NASL
    descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473).
    last seen2020-06-01
    modified2020-06-02
    plugin id42315
    published2009-10-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42315
    titleopenSUSE Security Update : libneon-devel (libneon-devel-1377)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MUTT-6484.NASL
    descriptionThis update of mutt improves the handling of the \0 character in SSL certificates. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id41559
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41559
    titleSuSE 10 Security Update : mutt (ZYPP Patch Number 6484)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MUTT-090909.NASL
    descriptionThis update of mutt improves the handling of the \0 character in SSL certificates. (CVE-2009-2408 )
    last seen2020-06-01
    modified2020-06-02
    plugin id41036
    published2009-09-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41036
    titleopenSUSE Security Update : mutt (mutt-1298)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090909_SEAMONKEY_ON_SL3_X.NASL
    descriptionCVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id60665
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60665
    titleScientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1874.NASL
    descriptionSeveral vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. - CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. - CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they
    last seen2020-06-01
    modified2020-06-02
    plugin id44739
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44739
    titleDebian DSA-1874-1 : nss - several vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-221.NASL
    descriptionMultiple vulnerabilities has been found and corrected in libneon0.27 : neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564 (CVE-2009-2473). neon before 0.28.6, when OpenSSL is used, does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id40764
    published2009-08-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40764
    titleMandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1428.NASL
    descriptionAccording to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.(CVE-2012-4466) - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090) - Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.(CVE-2013-4287) - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.(CVE-2014-8080) - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a
    last seen2020-03-17
    modified2019-05-14
    plugin id124931
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124931
    titleEulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-288.NASL
    descriptionA vulnerability has been identified and corrected in proftpd : The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id42240
    published2009-10-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42240
    titleMandriva Linux Security Advisory : proftpd (MDVSA-2009:288)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1432.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id40923
    published2009-09-10
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40923
    titleRHEL 3 : seamonkey (RHSA-2009:1432)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBNEON-DEVEL-091012.NASL
    descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473).
    last seen2020-06-01
    modified2020-06-02
    plugin id42317
    published2009-10-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42317
    titleopenSUSE Security Update : libneon-devel (libneon-devel-1377)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1432.NASL
    descriptionFrom Red Hat Security Advisory 2009:1432 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id67924
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67924
    titleOracle Linux 3 : seamonkey (ELSA-2009-1432)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1544.NASL
    descriptionAccording to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP
    last seen2020-06-01
    modified2020-06-02
    plugin id124997
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124997
    titleEulerOS Virtualization 3.0.1.0 : php (EulerOS-SA-2019-1544)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLATHUNDERBIRD-6493.NASL
    descriptionMozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id41986
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41986
    titleopenSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-6493)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENLDAP2-6485.NASL
    descriptionThis update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subjects name. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id41566
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41566
    titleSuSE 10 Security Update : OpenLDAP2 (ZYPP Patch Number 6485)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. (CVE-2007-4965) - Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context- dependent attackers to defeat cryptographic digests, related to partial hashlib hashing of data exceeding 4GB. (CVE-2008-2316) - Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. (CVE-2008-5983) - Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context- dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. (CVE-2010-1634) - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one- byte string, a different vulnerability than CVE-2010-1634. (CVE-2010-2089) - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id127154
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127154
    titleNewStart CGSL MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0008)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-026.NASL
    descriptionA vulnerability was discovered and corrected in openldap : libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id44321
    published2010-01-27
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44321
    titleMandriva Linux Security Advisory : openldap (MDVSA-2010:026)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBFREEBL3-090812.NASL
    descriptionThe Mozilla NSS security framework was updated to version 3.12.3.1. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id40652
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40652
    titleopenSUSE Security Update : libfreebl3 (libfreebl3-1201)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MUTT-090909.NASL
    descriptionThis update of mutt improves the handling of the \0 character in SSL certificates. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id41438
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41438
    titleSuSE 11 Security Update : mutt (SAT Patch Number 1291)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MUTT-6487.NASL
    descriptionThis update of mutt improves the handling of the \0 character in SSL certificates. (CVE-2009-2408 )
    last seen2020-06-01
    modified2020-06-02
    plugin id42023
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42023
    titleopenSUSE 10 Security Update : mutt (mutt-6487)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MUTT-090909.NASL
    descriptionThis update of mutt improves the handling of the \0 character in SSL certificates. (CVE-2009-2408 )
    last seen2020-06-01
    modified2020-06-02
    plugin id41042
    published2009-09-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41042
    titleopenSUSE Security Update : mutt (mutt-1298)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ70637.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63799
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63799
    titleAIX 6.1 TL 4 : sendmail (IZ70637)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MOZILLA-NSPR-6541.NASL
    descriptionThe Mozilla NSS security framework was updated to version 3.12.3.1. - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id42190
    published2009-10-20
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42190
    titleSuSE 10 Security Update : Mozilla NSS (ZYPP Patch Number 6541)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1207.NASL
    descriptionUpdated nspr and nss packages that fix security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id63889
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63889
    titleRHEL 5 : nspr and nss (RHSA-2009:1207)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-197.NASL
    descriptionSecurity issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id40522
    published2009-08-10
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40522
    titleMandriva Linux Security Advisory : nss (MDVSA-2009:197-3)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12521.NASL
    descriptionseamonkey was updated to version 1.1.18, fixing various security issues : - Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. (MFSA 2009-43 / CVE-2009-2404) - IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. (MFSA 2009-42 / CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id42200
    published2009-10-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42200
    titleSuSE9 Security Update : epiphany (YOU Patch Number 12521)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1431.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id40933
    published2009-09-11
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40933
    titleCentOS 4 : seamonkey (CESA-2009:1431)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_MOZILLATHUNDERBIRD-090915.NASL
    descriptionMozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id64209
    published2013-01-25
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64209
    titleSuSE 11 Security Update : Mozilla (SAT Patch Number 1304)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1434.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python
    last seen2020-06-01
    modified2020-06-02
    plugin id124937
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124937
    titleEulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42434
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42434
    titleMac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-162.NASL
    descriptionMultiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs does not properly handle a \
    last seen2020-06-01
    modified2020-06-02
    plugin id56687
    published2011-11-02
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56687
    titleMandriva Linux Security Advisory : kdelibs4 (MDVSA-2011:162)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-206.NASL
    descriptionA vulnerability has been found and corrected in wget : GNU Wget before 1.12 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id40638
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40638
    titleMandriva Linux Security Advisory : wget (MDVSA-2009:206-1)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ72834.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63810
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63810
    titleAIX 5.3 TL 8 : sendmail (IZ72834)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBLDAP-2_4-2-090915.NASL
    descriptionThis update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subjects name. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id41420
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41420
    titleSuSE 11 Security Update : OpenLDAP2 (SAT Patch Number 1290)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12505.NASL
    descriptionThis update of mutt improves the handling of the \0 character in SSL certificates. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id41326
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41326
    titleSuSE9 Security Update : mutt (YOU Patch Number 12505)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ72528.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63809
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63809
    titleAIX 6.1 TL 1 : sendmail (IZ72528)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-027.NASL
    descriptionMultiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id48170
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48170
    titleMandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_NEON-6548.NASL
    descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers. (CVE-2009-2408) Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory. (CVE-2009-2473)
    last seen2020-06-01
    modified2020-06-02
    plugin id42303
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42303
    titleSuSE 10 Security Update : neon (ZYPP Patch Number 6548)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1186.NASL
    descriptionUpdated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The packages with this update are identical to the packages released by RHBA-2009:1161 on the 20th of July 2009. They are being reissued as a Red Hat Security Advisory as they fixed a number of security issues that were made public today. If you are installing these packages for the first time, they also provide a number of bug fixes and add an enhancement, as detailed in RHBA-2009:1161. Since the packages are identical, there is no need to install this update if RHBA-2009:1161 has already been installed. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues and add an enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id40441
    published2009-07-31
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40441
    titleRHEL 5 : nspr and nss (RHSA-2009:1186)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ72515.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63808
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63808
    titleAIX 6.1 TL 2 : sendmail (IZ72515)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-195.NASL
    descriptionMultiple vulnerabilities has been found and corrected in libesmtp : libESMTP, probably 1.0.4 and earlier, does not properly handle a \
    last seen2020-06-01
    modified2020-06-02
    plugin id49742
    published2010-10-06
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49742
    titleMandriva Linux Security Advisory : libesmtp (MDVSA-2010:195)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-220.NASL
    descriptionThe ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id70224
    published2013-10-01
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70224
    titleAmazon Linux AMI : python27 (ALAS-2013-220)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-241.NASL
    descriptionIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752) The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id70903
    published2013-11-14
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70903
    titleAmazon Linux AMI : python26 (ALAS-2013-241)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBFREEBL3-090812.NASL
    descriptionThe Mozilla NSS security framework was updated to version 3.12.3.1. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id40645
    published2009-08-20
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40645
    titleopenSUSE Security Update : libfreebl3 (libfreebl3-1201)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090731_NSPR_AND_NSS_FOR_SL_5_X.NASL
    descriptionCVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id60632
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60632
    titleScientific Linux Security Update : nspr and nss for SL 5.x on i386/x86_64
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_RUBY_20130924.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. (CVE-2011-1005) - The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. (CVE-2012-4481) - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id80755
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80755
    titleOracle Solaris Third-Party Patch Update : ruby (cve_2013_4073_cryptographic_issues)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-217.NASL
    descriptionA number of security vulnerabilities have been discovered in Mozilla Thunderbird : Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408). A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). This update provides the latest version of Thunderbird which are not vulnerable to these issues. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id40701
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40701
    titleMandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:217-3)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SEAMONKEY-6538.NASL
    descriptionseamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
    last seen2020-06-01
    modified2020-06-02
    plugin id42327
    published2009-10-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42327
    titleopenSUSE 10 Security Update : seamonkey (seamonkey-6538)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E7BC5600EAA011DEBD9C00215C6A37BB.NASL
    descriptionPostgreSQL project reports : PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id43177
    published2009-12-17
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43177
    titleFreeBSD : postgresql -- multiple vulnerabilities (e7bc5600-eaa0-11de-bd9c-00215c6a37bb)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0001_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Network Security Services (NSS) - NetScape Portable Runtime (NSPR)
    last seen2020-06-01
    modified2020-06-02
    plugin id89735
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89735
    titleVMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1184.NASL
    descriptionUpdated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide a fix for the following bug : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced
    last seen2020-06-01
    modified2020-06-02
    plugin id40439
    published2009-07-31
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40439
    titleRHEL 4 : nspr and nss (RHSA-2009:1184)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_OPENLDAP2-6598.NASL
    descriptionThis update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subjects name. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id49906
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49906
    titleSuSE 10 Security Update : OpenLDAP 2 (ZYPP Patch Number 6598)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_20023.NASL
    descriptionThe installed version of Thunderbird is earlier than 2.0.0.23. Such versions are potentially affected by the following security issue : - The client can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42)
    last seen2020-06-01
    modified2020-06-02
    plugin id40664
    published2009-08-21
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40664
    titleMozilla Thunderbird < 2.0.0.23 Certificate Authority (CA) Common Name Null Byte Handling SSL MiTM Weakness
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-810-3.NASL
    descriptionUSN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem. We apologize for the inconvenience. Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id65117
    published2013-03-09
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65117
    titleUbuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL
    descriptionCVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id60631
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60631
    titleScientific Linux Security Update : nspr and nss for SL 4.x on i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-810-2.NASL
    descriptionUSN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40491
    published2009-08-05
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40491
    titleUbuntu 8.04 LTS / 8.10 / 9.04 : nspr update (USN-810-2)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-224.NASL
    descriptionSession fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id70228
    published2013-10-01
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70228
    titleAmazon Linux AMI : php54 (ALAS-2013-224)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBNEON-DEVEL-091012.NASL
    descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers. (CVE-2009-2408) Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory. (CVE-2009-2473)
    last seen2020-06-01
    modified2020-06-02
    plugin id42301
    published2009-10-29
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42301
    titleSuSE 11 Security Update : libneon (SAT Patch Number 1376)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_3013.NASL
    descriptionThe installed version of Firefox is earlier than 3.0.13. Such versions are potentially affected by the following security issues : - The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42) - A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43) - The location bar and SSL indicators can be spoofed by calling window.open() on an invalid URL. A remote attacker could use this to perform a phishing attack. (MFSA 2009-44) - Unspecified JavaScript-related vulnerabilities can lead to memory corruption, and possibly arbitrary execution of code. (MFSA 2009-45)
    last seen2020-06-01
    modified2020-06-02
    plugin id40478
    published2009-08-04
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40478
    titleFirefox < 3.0.13 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12506.NASL
    descriptionThis update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id41327
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41327
    titleSuSE9 Security Update : OpenLDAP2 (YOU Patch Number 12506)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1190.NASL
    descriptionUpdated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide fixes for the following bugs : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced
    last seen2020-06-01
    modified2020-06-02
    plugin id63888
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63888
    titleRHEL 4 : nspr and nss (RHSA-2009:1190)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBFREEBL3-090812.NASL
    descriptionThe Mozilla NSS security framework was updated to version 3.12.3.1. - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id41419
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41419
    titleSuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1199)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBNEON-DEVEL-6550.NASL
    descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473).
    last seen2020-06-01
    modified2020-06-02
    plugin id42324
    published2009-10-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42324
    titleopenSUSE 10 Security Update : libneon-devel (libneon-devel-6550)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_SEAMONKEY-091007.NASL
    descriptionseamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
    last seen2020-06-01
    modified2020-06-02
    plugin id42202
    published2009-10-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42202
    titleopenSUSE Security Update : seamonkey (seamonkey-1364)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_PHP_20140401.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (CVE-2011-4718) - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an
    last seen2020-06-01
    modified2020-06-02
    plugin id80736
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80736
    titleOracle Solaris Third-Party Patch Update : php (cve_2013_4113_buffer_errors)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-003.NASL
    descriptionA security vulnerability has been identified and fixed in sendmail : sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id43867
    published2010-01-13
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43867
    titleMandriva Linux Security Advisory : sendmail (MDVSA-2010:003)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-028.NASL
    descriptionMultiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \
    last seen2020-06-01
    modified2020-06-02
    plugin id48171
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48171
    titleMandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1431.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id40922
    published2009-09-10
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40922
    titleRHEL 4 : seamonkey (RHSA-2009:1431)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-315.NASL
    descriptionA vulnerability has been found and corrected in libneo : neon before 0.28.6, when OpenSSL is used, does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id43018
    published2009-12-07
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43018
    titleMandriva Linux Security Advisory : libneon (MDVSA-2009:315)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_NEON-6549.NASL
    descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers. (CVE-2009-2408) Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory. (CVE-2009-2473)
    last seen2020-06-01
    modified2020-06-02
    plugin id49905
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49905
    titleSuSE 10 Security Update : neon (ZYPP Patch Number 6549)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-810-1.NASL
    descriptionMoxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40490
    published2009-08-05
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40490
    titleUbuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201301-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified impact. A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id63402
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63402
    titleGLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ72510.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63807
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63807
    titleAIX 6.1 TL 3 : sendmail (IZ72510)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1184.NASL
    descriptionFrom Red Hat Security Advisory 2009:1184 : Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide a fix for the following bug : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced
    last seen2020-06-01
    modified2020-06-02
    plugin id67902
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67902
    titleOracle Linux 4 / 5 : nspr / nss (ELSA-2009-1184)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-225.NASL
    descriptionA vulnerability has been found and corrected in qt4 : src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id40900
    published2009-09-09
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40900
    titleMandriva Linux Security Advisory : qt4 (MDVSA-2009:225)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_49E8F2EE814711DEA9940030843D3802.NASL
    descriptionMozilla Project reports : MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters MFSA 2009-42: Compromise of SSL-protected communication MFSA 2009-43: Heap overflow in certificate regexp parsing MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() on invalid URL MFSA 2009-45: Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13) MFSA 2009-46: Chrome privilege escalation due to incorrectly cached wrapper
    last seen2020-06-01
    modified2020-06-02
    plugin id40485
    published2009-08-05
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40485
    titleFreeBSD : mozilla -- multiple vulnerabilities (49e8f2ee-8147-11de-a994-0030843d3802)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-221.NASL
    descriptionA vulnerability has been discovered and corrected in php : The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id69490
    published2013-08-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69490
    titleMandriva Linux Security Advisory : php (MDVSA-2013:221)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1432.NASL
    descriptionUpdated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id40934
    published2009-09-11
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40934
    titleCentOS 3 : seamonkey (CESA-2009:1432)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_PHP_20140522.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id80737
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80737
    titleOracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_MOZILLATHUNDERBIRD-090914.NASL
    descriptionMozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id41009
    published2009-09-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41009
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1303)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-201.NASL
    descriptionA vulnerability has been found and corrected in fetchmail : socket.c in fetchmail before 6.3.11 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id40585
    published2009-08-13
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40585
    titleMandriva Linux Security Advisory : fetchmail (MDVSA-2009:201-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBFREEBL3-6494.NASL
    descriptionThe Mozilla NSS and dependend libraries were updated to fix various issues. CVE-2009-2404 / MFSA 2009-43 : Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject
    last seen2020-06-01
    modified2020-06-02
    plugin id42013
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42013
    titleopenSUSE 10 Security Update : libfreebl3 (libfreebl3-6494)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_SEAMONKEY-091007.NASL
    descriptionseamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw. MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates. Mozilla would like to thank Dan and the Microsoft Vulnerability Research team for coordinating a multiple-vendor response to this problem. The update also contains the fixes from the skipped 1.1.17 security update: MFSA 2009-17/CVE-2009-1307: Same-origin violations when Adobe Flash loaded via view-source: scheme MFSA 2009-21/CVE-2009-1311:POST data sent to wrong site when saving web page with embedded frame MFSA 2009-24/CVE-2009-1392/CVE-2009-1832/CVE-2009-1833: Crashes with evidence of memory corruption (rv:1.9.0.11) MFSA 2009-26/CVE-2009-1835: Arbitrary domain cookie access by local file: resources MFSA 2009-27/CVE-2009-1836: SSL tampering via non-200 responses to proxy CONNECT requests MFSA 2009-29/CVE-2009-1838: Arbitrary code execution using event listeners attached to an element whose owner document is null MFSA 2009-32/CVE-2009-1841: JavaScript chrome privilege escalation MFSA 2009-33/CVE-2009-2210: Crash viewing multipart/alternative message with text/enhanced part
    last seen2020-06-01
    modified2020-06-02
    plugin id42206
    published2009-10-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42206
    titleopenSUSE Security Update : seamonkey (seamonkey-1364)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LIBLDAP-2_4-2-090909.NASL
    descriptionThis update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subjects name. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id41035
    published2009-09-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41035
    titleopenSUSE Security Update : libldap-2_4-2 (libldap-2_4-2-1301)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_MOZILLATHUNDERBIRD-090914.NASL
    descriptionMozilla Thunderbird was updated to version 2.0.0.23. The release fixes one security issue: MFSA 2009-42 / CVE-2009-2408: IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. In particular, if a malicious person requested a certificate for a host name with an invalid null character in it most CAs would issue the certificate if the requester owned the domain specified after the null, while most SSL clients (browsers) ignored that part of the name and used the unvalidated part in front of the null. This made it possible for attackers to obtain certificates that would function for any site they wished to target. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions. This vulnerability was independently reported to us by researcher Moxie Marlinspike who also noted that since Firefox relies on SSL to protect the integrity of security updates this attack could be used to serve malicious updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id41011
    published2009-09-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41011
    titleopenSUSE Security Update : MozillaThunderbird (MozillaThunderbird-1303)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ72835.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63811
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63811
    titleAIX 5.3 TL 9 : sendmail (IZ72835)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-014.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in php : The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id72082
    published2014-01-22
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72082
    titleMandriva Linux Security Advisory : php (MDVSA-2014:014)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2025.NASL
    descriptionSeveral remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id45397
    published2010-04-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45397
    titleDebian DSA-2025-1 : icedove - several vulnerabilities
  • NASL familyWindows
    NASL idSEAMONKEY_1118.NASL
    descriptionThe installed version of SeaMonkey is earlier than 1.1.18. Such versions are potentially affected by the following security issues : - The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42) - A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43)
    last seen2020-06-01
    modified2020-06-02
    plugin id40874
    published2009-09-04
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40874
    titleSeaMonkey < 1.1.18 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-198.NASL
    descriptionSecurity issues were identified and fixed in firefox 3.0.x : Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location (CVE-2009-2654). Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client (CVE-2009-2404). IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions (CVE-2009-2408). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
    last seen2020-06-01
    modified2020-06-02
    plugin id40523
    published2009-08-10
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40523
    titleMandriva Linux Security Advisory : firefox (MDVSA-2009:198)
  • NASL familyAIX Local Security Checks
    NASL idAIX_IZ72836.NASL
    description'sendmail before 8.14.4 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id63812
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63812
    titleAIX 5.3 TL 10 : sendmail (IZ72836)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0001.NASL
    descriptiona. Update for Service Console packages nss and nspr Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43826
    published2010-01-08
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43826
    titleVMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1431.NASL
    descriptionFrom Red Hat Security Advisory 2009:1431 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user
    last seen2020-06-01
    modified2020-06-02
    plugin id67923
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67923
    titleOracle Linux 4 : seamonkey (ELSA-2009-1431)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBLDAP-2_4-2-090909.NASL
    descriptionThis update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subjects name. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id41041
    published2009-09-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41041
    titleopenSUSE Security Update : libldap-2_4-2 (libldap-2_4-2-1301)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBLDAP-2_4-2-6488.NASL
    descriptionThis update of openldap2 makes SSL certificate verification more robust against uses of the special character \0 in the subjects name. (CVE-2009-2408)
    last seen2020-06-01
    modified2020-06-02
    plugin id42014
    published2009-10-06
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42014
    titleopenSUSE 10 Security Update : libldap-2_4-2 (libldap-2_4-2-6488)

Oval

  • accepted2013-04-29T04:08:22.117-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionMozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
    familyunix
    idoval:org.mitre.oval:def:10751
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
    version27
  • accepted2014-01-20T04:01:39.342-05:00
    classvulnerability
    contributors
    • namePai Peng
      organizationHewlett-Packard
    • nameChris Coffin
      organizationThe MITRE Corporation
    definition_extensions
    commentVMware ESX Server 4.0 is installed
    ovaloval:org.mitre.oval:def:6293
    descriptionMozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
    familyunix
    idoval:org.mitre.oval:def:8458
    statusaccepted
    submitted2010-03-18T13:00:53.000-04:00
    titleVMware Network Security Services (NSS) does not properly handle '\0' character
    version7

Redhat

advisories
  • rhsa
    idRHSA-2009:1207
  • rhsa
    idRHSA-2009:1432
rpms
  • nspr-0:4.7.4-1.el4_8.1
  • nspr-debuginfo-0:4.7.4-1.el4_8.1
  • nspr-devel-0:4.7.4-1.el4_8.1
  • nss-0:3.12.3.99.3-1.el4_8.2
  • nss-debuginfo-0:3.12.3.99.3-1.el4_8.2
  • nss-devel-0:3.12.3.99.3-1.el4_8.2
  • nss-tools-0:3.12.3.99.3-1.el4_8.2
  • nspr-0:4.7.4-1.el5_3.1
  • nspr-debuginfo-0:4.7.4-1.el5_3.1
  • nspr-devel-0:4.7.4-1.el5_3.1
  • nss-0:3.12.3.99.3-1.el5_3.2
  • nss-debuginfo-0:3.12.3.99.3-1.el5_3.2
  • nss-devel-0:3.12.3.99.3-1.el5_3.2
  • nss-pkcs11-devel-0:3.12.3.99.3-1.el5_3.2
  • nss-tools-0:3.12.3.99.3-1.el5_3.2
  • nspr-0:4.7.4-1.el4_7.1
  • nspr-debuginfo-0:4.7.4-1.el4_7.1
  • nspr-devel-0:4.7.4-1.el4_7.1
  • nss-0:3.12.3.99.3-1.el4_7.6
  • nss-debuginfo-0:3.12.3.99.3-1.el4_7.6
  • nss-devel-0:3.12.3.99.3-1.el4_7.6
  • nspr-0:4.7.4-1.el5_2
  • nspr-debuginfo-0:4.7.4-1.el5_2
  • nspr-devel-0:4.7.4-1.el5_2
  • nss-0:3.12.3.99.3-1.el5_2
  • nss-debuginfo-0:3.12.3.99.3-1.el5_2
  • nss-devel-0:3.12.3.99.3-1.el5_2
  • nss-pkcs11-devel-0:3.12.3.99.3-1.el5_2
  • nss-tools-0:3.12.3.99.3-1.el5_2
  • seamonkey-0:1.0.9-0.45.el3
  • seamonkey-chat-0:1.0.9-0.45.el3
  • seamonkey-debuginfo-0:1.0.9-0.45.el3
  • seamonkey-devel-0:1.0.9-0.45.el3
  • seamonkey-dom-inspector-0:1.0.9-0.45.el3
  • seamonkey-js-debugger-0:1.0.9-0.45.el3
  • seamonkey-mail-0:1.0.9-0.45.el3
  • seamonkey-nspr-0:1.0.9-0.45.el3
  • seamonkey-nspr-devel-0:1.0.9-0.45.el3
  • seamonkey-nss-0:1.0.9-0.45.el3
  • seamonkey-nss-devel-0:1.0.9-0.45.el3

Seebug

  • bulletinFamilyexploit
    description### Summary A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability. ### Tested Versions Randombit Botan 2.0.1 ### Product URLs https://botan.randombit.net/ ### CVSSv3 Score 6.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L ### CWE CWE-125: Out-of-bounds Read ### Details Botan is a C++ cryptographic library that implements the basis for practical systems that require TLS, PKIX certificate handling, password hashing or other cryptographic primitives. There exists a programming error in code related to x509 distinguished name parsing. Namely, an x509 DN comparison function can lead to out of bounds memory access leading to unexpected results, information disclosure or potential denial of service. The vulnerability is located in the overloaded equality comparison function `Botan::x500_name_cmp`: ``` bool x500_name_cmp(const std::string& name1, const std::string& name2) { auto p1 = name1.begin(); auto p2 = name2.begin(); while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1; [1] while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2; while(p1 != name1.end() && p2 != name2.end()) { if(Charset::is_space(*p1)) [2] { if(!Charset::is_space(*p2)) [3] return false; while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1; [4] while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2; [5] if(p1 == name1.end() && p2 == name2.end()) [6] return true; } if(!Charset::caseless_cmp(*p1, *p2)) [7] return false; ++p1; [8] ++p2; } while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1; while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2; if((p1 != name1.end()) || (p2 != name2.end())) return false; return true; } ``` First, at [1], initiall whitespaces are skipped. Then, strings are compared byte by byte in a loop while checking for whitespace at [2]. If a space occurs in the first string [2] and the second too [3], those are again skipped at [4] and [5]. Then, at [6], if both have reached an end, true is returned. If not, another comparison is made at [7] and if it passes, the pointers are increased at [8]. The vulnerability lies in the way whitespaces are handeled. If we are comparing two strings which are initially the same up to a space character, we would enter while loops at [4] and [5]. Now, if one string contains a NULL byte after that space, and the other has spaces until its end, the check at [6] won’t be true, because only the second string would point to its end. However, both are actually pointing at a NULL byte, which means the check at [7] will still hold true, and pointers are once again increased at [8]. Then when the loop rolls around, one of the pointers can point outside its allocated buffer, leading to unexpected behaviour. A specially crafted x509 certificate with specific x509 DN strings for subject and issuer fields can be created. Example strings that satisfy the above conditions are: ``` String 1: AA\x20\x00AAAAAAAAAA String 2: AA\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20 ``` Notice that both are the same length, begin with same characters up until space after which the first is terminated and the second has spaces till the end. Because of the way these pieces of certificate are copied from the x509 file to their memory buffers, the first string’s length won’t be 3, that is, it won’t be terminated at the first NULL. With careful control over X509 distinguished names contents and depending on memory layout in the target application, it could be possible to craft a certificate where equality checks could pass or fail. Also, a discrepancy between a way these malformed strings are handled in Botan and other x509 libraries could lead to other types of abuse, possibly not unlike the famed CVE-2009-2408. The vulnerability can be triggered with the supplied example x509 certificate. ### Crash Information Address sanitizer output: ``` botan/botan cert_info --ber cert1.der 2>&1| asan_symbolize -d ================================================================= ==15015==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000dfa3 at pc 0x7f027ec92e85 bp 0x7ffdf452fe60 sp 0x7ffdf452fe58 READ of size 1 at 0x60300000dfa3 thread T0 #0 0x7f027ec92e84 in Botan::x500_name_cmp(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) botan/./src/lib/utils/parsing.cpp:232 #1 0x7f027ec92e84 in ?? ??:0 #2 0x7f027e269f2a in Botan::operator==(Botan::X509_DN const&, Botan::X509_DN const&) botan/./src/lib/asn1/x509_dn.cpp:153 #3 0x7f027e269f2a in ?? ??:0 #4 0x7f027ed8b8f4 in Botan::X509_Certificate::force_decode() botan/./src/lib/x509/x509cert.cpp:149 #5 0x7f027ed8b8f4 in ?? ??:0 #6 0x7f027ed85263 in Botan::X509_Object::do_decode() botan/./src/lib/x509/x509_obj.cpp:235 #7 0x7f027ed85263 in ?? ??:0 #8 0x7f027ed877b1 in X509_Certificate botan/./src/lib/x509/x509cert.cpp:50 #9 0x7f027ed877b1 in ?? ??:0 #10 0x5fcc93 in Botan_CLI::Cert_Info::go() botan/./src/cli/x509.cpp:85 #11 0x5fcc93 in ?? ??:0 #12 0x520ed5 in Botan_CLI::Command::run(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) botan/./src/cli/cli.h:229 #13 0x520ed5 in ?? ??:0 #14 0x51ca4f in main botan/./src/cli/main.cpp:60 #15 0x51ca4f in ?? ??:0 #16 0x7f027d16982f in __libc_start_main /build/glibc-Qz8a69/glibc-2.23/csu/../csu/libc-start.c:291 #17 0x7f027d16982f in ?? ??:0 #18 0x42e328 in _start ??:? #19 0x42e328 in ?? ??:0 0x60300000dfa3 is located 0 bytes to the right of 19-byte region [0x60300000df90,0x60300000dfa3) allocated by thread T0 here: #0 0x4ce458 in __interceptor_malloc ??:? #1 0x4ce458 in ?? ??:0 #2 0x7f027f296e77 in operator new(unsigned long) ??:? #3 0x7f027f296e77 in ?? ??:0 #4 0x7f027e272283 in std::pair<std::__decay_and_strip<Botan::OID const&>::__type, std::__decay_and_strip<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>::__type> std::make_pair<Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_pair.h:281 (discriminator 4) #5 0x7f027e272283 in void Botan::multimap_insert<Botan::OID, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::multimap<Botan::OID, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<Botan::OID>, std::allocator<std::pair<Botan::OID const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) botan/build/include/botan/internal/stl_util.h:79 (discriminator 4) #6 0x7f027e272283 in ?? ??:0 #7 0x7f027e2671eb in Botan::X509_DN::get_attributes[abi:cxx11]() const botan/./src/lib/asn1/x509_dn.cpp:78 (discriminator 1) #8 0x7f027e2671eb in ?? ??:0 #9 0x7f027e269d49 in Botan::operator==(Botan::X509_DN const&, Botan::X509_DN const&) botan/./src/lib/asn1/x509_dn.cpp:138 (discriminator 1) #10 0x7f027e269d49 in ?? ??:0 #11 0x7f027ed8b8f4 in Botan::X509_Certificate::force_decode() botan/./src/lib/x509/x509cert.cpp:149 #12 0x7f027ed8b8f4 in ?? ??:0 #13 0x7f027ed85263 in Botan::X509_Object::do_decode() botan/./src/lib/x509/x509_obj.cpp:235 #14 0x7f027ed85263 in ?? ??:0 #15 0x7f027ed877b1 in X509_Certificate botan/./src/lib/x509/x509cert.cpp:50 #16 0x7f027ed877b1 in ?? ??:0 #17 0x5fcc93 in Botan_CLI::Cert_Info::go() botan/./src/cli/x509.cpp:85 #18 0x5fcc93 in ?? ??:0 #19 0x520ed5 in Botan_CLI::Command::run(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) botan/./src/cli/cli.h:229 #20 0x520ed5 in ?? ??:0 #21 0x51ca4f in main botan/./src/cli/main.cpp:60 #22 0x51ca4f in ?? ??:0 #23 0x7f027d16982f in __libc_start_main /build/glibc-Qz8a69/glibc-2.23/csu/../csu/libc-start.c:291 #24 0x7f027d16982f in ?? ??:0 SUMMARY: AddressSanitizer: heap-buffer-overflow (botan/libbotan-2.so.0+0xc38e84) Shadow bytes around the buggy address: 0x0c067fff9ba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff9bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff9bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c067fff9be0: fa fa fa fa fa fa 00 00 03 fa fa fa fd fd fd fa =>0x0c067fff9bf0: fa fa 00 00[03]fa fa fa fd fd fd fa fa fa 00 00 0x0c067fff9c00: 00 04 fa fa fd fd fd fd fa fa 00 00 00 03 fa fa 0x0c067fff9c10: fd fd fd fd fa fa 00 00 00 03 fa fa fd fd fd fd 0x0c067fff9c20: fa fa 00 00 05 fa fa fa fd fd fd fa fa fa 00 00 0x0c067fff9c30: 07 fa fa fa fd fd fd fa fa fa 00 00 01 fa fa fa 0x0c067fff9c40: 00 00 00 fa fa fa fd fd fd fa fa fa fd fd fd fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==15015==ABORTING ``` ### Mitigation Adding another check which tests if either string is at the end while the other is not, which would make them different, is enough to resolve this vulnerability: ``` diff --git a/src/lib/utils/parsing.cpp b/src/lib/utils/parsing.cpp index 8fd2ccc..ce4b02f 100644 --- a/src/lib/utils/parsing.cpp +++ b/src/lib/utils/parsing.cpp @@ -240,6 +240,11 @@ bool x500_name_cmp(const std::string& name1, const std::string& name2) if(p1 == name1.end() && p2 == name2.end()) return true; + if(p1 == name1.end() || p2 == name2.end()) + return false; } if(!Charset::caseless_cmp(*p1, *p2)) return false; ``` ### Timeline * 2017-03-16 - Vendor Disclosure * 2017-04-28 - Public Release ### CREDIT * Discovered by Aleksandar Nikolic of Cisco Talos.
    idSSV:96525
    last seen2017-11-19
    modified2017-09-19
    published2017-09-19
    reporterRoot
    titleRandombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:12447
    last seen2017-11-19
    modified2009-10-10
    published2009-10-10
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-12447
    titlemozilla-thunderbird多个安全漏洞
  • bulletinFamilyexploit
    descriptionBugraq ID: 35888 CVE ID:CVE-2009-2408 Mozilla Firefox是一款开放源代码的WEB浏览器。 Mozilla Firefox不正确验证签名CA证书中的域名,远程攻击者可以利用漏洞通过伪造证书进行中间人攻击。 如果构建的一个恶意证书其公用名包含NULL字符,并能正确获得合法签名被浏览器信任,那么攻击者可以使用这个证书代替合法证书进行中间人攻击,获得敏感信息或进行其他攻击。 Mozilla Network Security Services (NSS) 3.12.2 Mozilla Network Security Services (NSS) 3.11.3 Mozilla Network Security Services (NSS) 3.9.2 Mozilla Network Security Services (NSS) 3.9 + Mozilla Browser 1.5 Mozilla Network Security Services (NSS) 3.8 + Galeon Galeon Browser 1.2.13 + Mozilla Browser 1.4.1 + Mozilla Browser 1.4.1 + Mozilla Browser 1.4 b + Mozilla Browser 1.4 b + Mozilla Browser 1.4 a + Mozilla Browser 1.4 a + Mozilla Browser 1.4 + Mozilla Browser 1.4 Mozilla Network Security Services (NSS) 3.7.7 Mozilla Network Security Services (NSS) 3.7.5 Mozilla Network Security Services (NSS) 3.7.3 Mozilla Network Security Services (NSS) 3.7.2 Mozilla Network Security Services (NSS) 3.7.1 Mozilla Network Security Services (NSS) 3.7 Mozilla Network Security Services (NSS) 3.6.1 Mozilla Network Security Services (NSS) 3.6 Mozilla Network Security Services (NSS) 3.6 Mozilla Network Security Services (NSS) 3.5 Mozilla Network Security Services (NSS) 3.4.2 Mozilla Network Security Services (NSS) 3.4.1 Mozilla Network Security Services (NSS) 3.4 Mozilla Network Security Services (NSS) 3.3.2 Mozilla Network Security Services (NSS) 3.3.1 Mozilla Network Security Services (NSS) 3.3 Mozilla Network Security Services (NSS) 3.2.1 Mozilla Network Security Services (NSS) 3.2 Mozilla Network Security Services (NSS) 3.12 Mozilla Network Security Services (NSS) 3.11 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Beta Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 3.0 Beta 5 Mozilla Firefox 3.0 厂商解决方案 Mozilla Firefox 3.5不受此漏洞影响,建议用户联系供应商获得升级程序: http://www.mozilla.com/en-US/
    idSSV:11950
    last seen2017-11-19
    modified2009-07-31
    published2009-07-31
    reporterRoot
    titleMozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞

Talos

idTALOS-2017-0294
last seen2019-05-29
published2017-04-28
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0294
titleRandombit Botan Library X509 Certificate Validation Bypass Vulnerability

References