Vulnerabilities > CVE-2013-1740 - Cryptographic Issues vulnerability in Mozilla Network Security Services
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-012.NASL description A vulnerability has been discovered and corrected in Mozilla NSS : The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic (CVE-2013-1740). The updated packages have been upgraded to the 3.15.4 version which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 72056 published 2014-01-21 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72056 title Mandriva Linux Security Advisory : nss (MDVSA-2014:012) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:012. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(72056); script_version("1.5"); script_cvs_date("Date: 2019/08/02 13:32:55"); script_cve_id("CVE-2013-1740"); script_bugtraq_id(64944); script_xref(name:"MDVSA", value:"2014:012"); script_name(english:"Mandriva Linux Security Advisory : nss (MDVSA-2014:012)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been discovered and corrected in Mozilla NSS : The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic (CVE-2013-1740). The updated packages have been upgraded to the 3.15.4 version which is not vulnerable to this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nss-devel-3.15.4-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nss-static-devel-3.15.4-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nss3-3.15.4-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nss-3.15.4-1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"nss-doc-3.15.4-1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Windows NASL id IPLANET_WEB_PROXY_4_0_24.NASL description The remote host has a version of Oracle iPlanet Web Proxy Server (formerly Sun Java System Web Proxy Server) 4.0 prior to 4.0.24. It is, therefore, affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - An error exists related to handling input greater than half the maximum size of the last seen 2020-06-01 modified 2020-06-02 plugin id 76592 published 2014-07-18 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76592 title Oracle iPlanet Web Proxy Server 4.0 < 4.0.24 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76592); script_version("1.8"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id( "CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-5605", "CVE-2013-5606", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492" ); script_bugtraq_id( 62966, 63736, 63737, 63738, 64944, 65332, 65335, 66356 ); script_name(english:"Oracle iPlanet Web Proxy Server 4.0 < 4.0.24 Multiple Vulnerabilities"); script_summary(english:"Checks proxyd.exe's product version."); script_set_attribute(attribute:"synopsis", value: "A web proxy server on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host has a version of Oracle iPlanet Web Proxy Server (formerly Sun Java System Web Proxy Server) 4.0 prior to 4.0.24. It is, therefore, affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in- the-middle attacks. (CVE-2014-1492)"); # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixFMW script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0f65b42"); script_set_attribute(attribute:"solution", value: "Upgrade to version 4.0.24 or later. Note that, in the case of installs on Microsoft Windows hosts, at the time of this writing there is no patch available for Microsoft Windows hosts. Please contact the vendor regarding availability dates for the patch."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:iplanet_web_proxy_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("iplanet_web_proxy_installed.nbin"); script_require_keys("SMB/iplanet_web_proxy_server/path", "SMB/iplanet_web_proxy_server/version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app_name = 'Oracle iPlanet Web Proxy Server'; get_install_count(app_name:app_name, exit_if_zero:TRUE); fix = NULL; # Only 1 install of the server is possible. install = get_installs(app_name:app_name); if (install[0] == IF_NOT_FOUND) audit(AUDIT_NOT_INST, app_name); install = install[1][0]; version = install['version']; path = install['path']; fixed_version = '4.0.24'; min_version = '4.0'; if ( ver_compare(ver:version, fix:min_version, strict:FALSE) >= 0 && ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1 ) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0033_NSS.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side- channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. (CVE-2013-1739) - A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) - Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741) - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605) - The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127200 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127200 title NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0033. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127200); script_version("1.2"); script_cvs_date("Date: 2019/10/17 14:31:04"); script_cve_id( "CVE-2013-1620", "CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-5605", "CVE-2013-5606", "CVE-2018-12384" ); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side- channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. (CVE-2013-1739) - A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) - Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741) - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605) - The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0033"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL nss packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5605"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.04" && release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.04": [ "nss-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-debuginfo-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-sysinit-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-tools-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62" ], "CGSL MAIN 5.04": [ "nss-3.36.0-7.el7_5.cgslv5", "nss-debuginfo-3.36.0-7.el7_5.cgslv5", "nss-devel-3.36.0-7.el7_5.cgslv5", "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5", "nss-sysinit-3.36.0-7.el7_5.cgslv5", "nss-tools-3.36.0-7.el7_5.cgslv5" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1246.NASL description From Red Hat Security Advisory 2014:1246 : Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as last seen 2020-06-01 modified 2020-06-02 plugin id 77739 published 2014-09-18 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77739 title Oracle Linux 5 : nspr / nss (ELSA-2014-1246) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:1246 and # Oracle Linux Security Advisory ELSA-2014-1246 respectively. # include("compat.inc"); if (description) { script_id(77739); script_version("1.9"); script_cvs_date("Date: 2019/09/30 10:58:19"); script_cve_id("CVE-2013-1740", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1545"); script_bugtraq_id(64944, 65332, 65335, 66356, 67975); script_xref(name:"RHSA", value:"2014:1246"); script_name(english:"Oracle Linux 5 : nspr / nss (ELSA-2014-1246)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2014:1246 : Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as 'grep', could not handle failures properly. This update improves error detection in the specification file, and 'grep' and other utilities now handle missing files or crashes as intended. (BZ#1035281) * Prior to this update, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an intermediate certificate installed on a network monitoring device. As a consequence, the monitoring device was enabled to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses that the certificate holder did not own or control. The trust in the intermediate certificate to issue the certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks. (BZ#1042684) * Due to a regression, MD5 certificates were rejected by default because Network Security Services (NSS) did not trust MD5 certificates. With this update, MD5 certificates are supported in Red Hat Enterprise Linux 5. (BZ#11015864) Users of nss and nspr are advised to upgrade to these updated packages, which correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-September/004456.html" ); script_set_attribute( attribute:"solution", value:"Update the affected nspr and / or nss packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"nss-3.16.1-2.el5")) flag++; if (rpm_check(release:"EL5", reference:"nss-devel-3.16.1-2.el5")) flag++; if (rpm_check(release:"EL5", reference:"nss-pkcs11-devel-3.16.1-2.el5")) flag++; if (rpm_check(release:"EL5", reference:"nss-tools-3.16.1-2.el5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-pkcs11-devel / nss-tools"); }
NASL family Misc. NASL id ORACLE_TRAFFIC_DIRECTOR_JULY_2014_CPU.NASL description The remote host is running an unpatched version of Oracle Traffic Director that is affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - NSS contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741) - An error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 76938 published 2014-07-31 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76938 title Oracle Traffic Director Multiple Vulnerabilities (July 2014 CPU) code # # (C) Tenable Network Security, Inc. # appname = "Oracle Traffic Director"; include("compat.inc"); if (description) { script_id(76938); script_version("1.6"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id( "CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-5605", "CVE-2013-5606", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492" ); script_bugtraq_id( 62966, 63736, 63737, 63738, 64944, 65332, 65335, 66356 ); script_name(english:"Oracle Traffic Director Multiple Vulnerabilities (July 2014 CPU)"); script_summary(english:"Checks for patched files."); script_set_attribute(attribute:"synopsis", value:"The remote host is running software with multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running an unpatched version of Oracle Traffic Director that is affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - NSS contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in- the-middle attacks. (CVE-2014-1492)"); # https://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77697fb1"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the July 2014 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/31"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:traffic_director"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("oracle_traffic_director_detect.nbin"); script_require_keys("installed_sw/" + appname); script_require_ports("Services/www", 8989); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:8989); installs = get_installs(app_name:appname, port:port); if (installs[0] != IF_OK) audit(AUDIT_WEB_APP_NOT_INST, appname, port); # only one listening install per port / per host possible install = installs[1][0]; version = install['version']; install_url = build_url(port:port, qs:install['path']); if (version !~ "^11\.1\.1\.7(\.0)?$") audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, version); res1 = http_send_recv3(port:port, method:'GET', item:'/help/support/html/cpyr.htm', exit_on_fail:TRUE); res2 = http_send_recv3(port:port, method:'GET', item:'/js/dojo/td/postinit.js', exit_on_fail:TRUE); # check for unpatched files if ( "<h2>Copyright Notice</h2>" >< res1[2] && res1[2] =~ "Copyright © 1994-201[0-2], Oracle" && "networkPrefixClass" >!< res2[2] && '{"dijit/form/TextBox":function()' >< res2[2] ) { if (report_verbosity > 0) { report = '\n URL : ' + install_url + '\n Installed version : ' + version + '\n Missing patch : 18920619\n'; security_hole(port:port, extra:report); } else security_hole(port); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, install_url, version);
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0917.NASL description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76698 published 2014-07-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76698 title RHEL 6 : nss and nspr (RHSA-2014:0917) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0917. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(76698); script_version("1.17"); script_cvs_date("Date: 2019/10/24 15:35:38"); script_cve_id("CVE-2013-1740", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1544", "CVE-2014-1545"); script_bugtraq_id(64944, 65332, 65335, 66356, 67975, 68816); script_xref(name:"RHSA", value:"2014:0917"); script_name(english:"RHEL 6 : nss and nspr (RHSA-2014:0917)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:0917" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-1544" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-1490" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-1740" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-1492" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-1545" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-1491" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/18"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:0917"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"nspr-4.10.6-1.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nspr-debuginfo-4.10.6-1.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nspr-devel-4.10.6-1.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-debuginfo-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-devel-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-pkcs11-devel-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"nss-sysinit-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"nss-sysinit-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nss-sysinit-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"nss-tools-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"nss-tools-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nss-tools-3.16.1-4.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-util-3.16.1-1.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-util-debuginfo-3.16.1-1.el6_5")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-util-devel-3.16.1-1.el6_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-debuginfo / nspr-devel / nss / nss-debuginfo / etc"); } }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-0979.NASL description An updated rhev-hypervisor6 package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1491 issue. Upstream acknowledges Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491. This update includes changes to the rhev-hypervisor component : * The most recent build of rhev-hypervisor is included in version 3.4.1. (BZ#1118298) This updated package also provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2014-4699 and CVE-2014-4943 (kernel issues) CVE-2014-4607 (lzo issue) CVE-2013-1740, CVE-2014-1490, CVE-2014-1492, CVE-2014-1545, and CVE-2014-1544 (nss and nspr issues) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package. last seen 2020-06-01 modified 2020-06-02 plugin id 79038 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79038 title RHEL 6 : rhev-hypervisor6 (RHSA-2014:0979) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:0979. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(79038); script_version("1.15"); script_cvs_date("Date: 2019/10/24 15:35:38"); script_cve_id("CVE-2014-1491"); script_bugtraq_id(65332); script_xref(name:"RHSA", value:"2014:0979"); script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2014:0979)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated rhev-hypervisor6 package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1491 issue. Upstream acknowledges Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491. This update includes changes to the rhev-hypervisor component : * The most recent build of rhev-hypervisor is included in version 3.4.1. (BZ#1118298) This updated package also provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2014-4699 and CVE-2014-4943 (kernel issues) CVE-2014-4607 (lzo issue) CVE-2013-1740, CVE-2014-1490, CVE-2014-1492, CVE-2014-1545, and CVE-2014-1544 (nss and nspr issues) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package." ); # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c6b506c4" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:0979" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-1491" ); script_set_attribute( attribute:"solution", value:"Update the affected rhev-hypervisor6 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:0979"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20140725.0.el6ev")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6"); } }
NASL family CGI abuses NASL id ORACLE_OPENSSO_AGENT_CPU_OCT_2014.NASL description The Oracle OpenSSO agent installed on the remote host is missing a vendor-supplied update. It is, therefore, affected by multiple vulnerabilities in the bundled Mozilla Network Security Services, the most serious of which can allow remote code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 78774 published 2014-10-31 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78774 title Oracle OpenSSO Agent Multiple Vulnerabilities (October 2014 CPU) NASL family Scientific Linux Local Security Checks NASL id SL_20140722_NSS_AND_NSPR_ON_SL6_X.NASL description A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect. last seen 2020-03-18 modified 2014-07-23 plugin id 76702 published 2014-07-23 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76702 title Scientific Linux Security Update : nss and nspr on SL6.x i386/x86_64 (20140722) NASL family Scientific Linux Local Security Checks NASL id SL_20140916_NSS_AND_NSPR_ON_SL5_X.NASL description A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. This update also fixes the following bugs : - Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as last seen 2020-03-18 modified 2014-09-29 plugin id 77955 published 2014-09-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77955 title Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20140916) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-028-02.NASL description New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 72188 published 2014-01-29 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72188 title Slackware 14.0 / 14.1 / current : mozilla-nss (SSA:2014-028-02) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2088-1.NASL description Brian Smith discovered that NSS incorrectly handled the TLS False Start feature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to spoof SSL servers. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2014-01-24 plugin id 72116 published 2014-01-24 reporter Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72116 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : nss vulnerability (USN-2088-1) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL16716.NASL description CVE-2013-1740 The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. CVE-2014-1490 Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. CVE-2014-1491 Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. CVE-2014-1492 The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is iframeded in an internationalized domain name last seen 2020-06-01 modified 2020-06-02 plugin id 91202 published 2016-05-18 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91202 title F5 Networks BIG-IP : Multiple Mozilla NSS vulnerabilities (K16716) NASL family Web Servers NASL id SUN_JAVA_WEB_SERVER_7_0_20.NASL description According to its self-reported version, the Oracle iPlanet Web Server (formerly Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.20. It is, therefore, affected by the following vulnerabilities in the Network Security Services (NSS) : - The implementation of NSS does not ensure that data structures are initialized, which can result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - An error exists in the ssl_Do1stHandshake() function in file sslsecur.c due to unencrypted data being returned from PR_Recv when the TLS False Start feature is enabled. A man-in-the-middle attacker can exploit this, by using an arbitrary X.509 certificate, to spoof SSL servers during certain handshake traffic. (CVE-2013-1740) - An integer overflow condition exists related to handling input greater than half the maximum size of the last seen 2020-06-01 modified 2020-06-02 plugin id 76593 published 2014-07-18 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76593 title Oracle iPlanet Web Server 7.0.x < 7.0.20 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1246.NASL description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as last seen 2020-06-01 modified 2020-06-02 plugin id 77699 published 2014-09-16 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77699 title RHEL 5 : nss and nspr (RHSA-2014:1246) NASL family Web Servers NASL id GLASSFISH_CPU_JUL_2014.NASL description The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - Network Security Services (NSS) contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741) - An error exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 76591 published 2014-07-18 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76591 title Oracle GlassFish Server Multiple Vulnerabilities (July 2014 CPU) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-119.NASL description Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following security issues : - MFSA 2014-01/CVE-2014-1477/CVE-2014-1478 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3) - MFSA 2014-02/CVE-2014-1479 (bmo#911864) Clone protected content with XBL scopes - MFSA 2014-03/CVE-2014-1480 (bmo#916726) UI selection timeout missing on download prompts - MFSA 2014-04/CVE-2014-1482 (bmo#943803) Incorrect use of discarded images by RasterImage - MFSA 2014-05/CVE-2014-1483 (bmo#950427) Information disclosure with *FromPoint on iframes - MFSA 2014-06/CVE-2014-1484 (bmo#953993) Profile path leaks to Android system log - MFSA 2014-07/CVE-2014-1485 (bmo#910139) XSLT stylesheets treated as styles in Content Security Policy - MFSA 2014-08/CVE-2014-1486 (bmo#942164) Use-after-free with imgRequestProxy and image proccessing - MFSA 2014-09/CVE-2014-1487 (bmo#947592) Cross-origin information leak through web workers - MFSA 2014-10/CVE-2014-1489 (bmo#959531) Firefox default start page UI content invokable by script - MFSA 2014-11/CVE-2014-1488 (bmo#950604) Crash when using web workers with asm.js - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 (bmo#934545, bmo#930874, bmo#930857) NSS ticket handling issues - MFSA 2014-13/CVE-2014-1481(bmo#936056) Inconsistent JavaScript handling of access to Window objects Mozilla NSS was updated to 3.15.4 : - required for Firefox 27 - regular CA root store update (1.96) - Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices. - Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function. - When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv (CVE-2013-1740, bmo#919877) - MFSA 2014-12/CVE-2014-1490/CVE-2014-1491 NSS ticket handling issues New functionality - Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method. - Implemented OCSP server functionality for testing purposes (httpserv utility). - Support SHA-1 signatures with TLS 1.2 client authentication. - Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database. - Added the -w command-line option to pp: don last seen 2020-06-05 modified 2014-06-13 plugin id 75253 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75253 title openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-0917.NASL description From Red Hat Security Advisory 2014:0917 : Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76694 published 2014-07-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76694 title Oracle Linux 6 : nspr / nss (ELSA-2014-0917) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-0917.NASL description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1544) A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters of CVE-2014-1544, Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. In addition, the nss package has been upgraded to upstream version 3.16.1, and the nspr package has been upgraded to upstream version 4.10.6. These updated packages provide a number of bug fixes and enhancements over the previous versions. (BZ#1112136, BZ#1112135) Users of NSS and NSPR are advised to upgrade to these updated packages, which correct these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 76686 published 2014-07-23 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76686 title CentOS 6 : nspr / nss / nss-util (CESA-2014:0917) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1246.NASL description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application. (CVE-2014-1490) It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE) parameters. This could possibly lead to weak encryption being used in communication between the client and the server. (CVE-2014-1491) An out-of-bounds write flaw was found in NSPR. A remote attacker could potentially use this flaw to crash an application using NSPR or, possibly, execute arbitrary code with the privileges of the user running that application. This NSPR flaw was not exposed to web content in any shipped version of Firefox. (CVE-2014-1545) It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. (CVE-2014-1492) Red Hat would like to thank the Mozilla project for reporting the CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545. The nss and nspr packages have been upgraded to upstream version 3.16.1 and 4.10.6 respectively, which provide a number of bug fixes and enhancements over the previous versions. (BZ#1110857, BZ#1110860) This update also fixes the following bugs : * Previously, when the output.log file was not present on the system, the shell in the Network Security Services (NSS) specification handled test failures incorrectly as false positive test results. Consequently, certain utilities, such as last seen 2020-06-01 modified 2020-06-02 plugin id 77993 published 2014-10-01 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77993 title CentOS 5 : nss (CESA-2014:1246) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1100.NASL description Update of the nss, nss-softokn, and nss-util packages to nss-3.15.4, a patch release for NSS 3.15 which includes the following security-relevant bug : (CVE-2013-1740) When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv For further details refer to the nss upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-02-04 plugin id 72269 published 2014-02-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72269 title Fedora 19 : nss-3.15.4-1.fc19 / nss-softokn-3.15.4-1.fc19 / nss-util-3.15.4-1.fc19 (2014-1100) NASL family Fedora Local Security Checks NASL id FEDORA_2014-1120.NASL description Update of the nss, nss-softokn, and nss-util packages to nss-3.15.4, a patch release for NSS 3.15 which includes the following security-relevant bug : (CVE-2013-1740) When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PR_Recv For further details refer to the nss upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-01-21 plugin id 72050 published 2014-01-21 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72050 title Fedora 20 : nss-3.15.4-1.fc20 / nss-softokn-3.15.4-1.fc20 / nss-util-3.15.4-1.fc20 (2014-1120)
Redhat
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/64944
- http://www.ubuntu.com/usn/USN-2088-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://bugs.gentoo.org/show_bug.cgi?id=498172
- https://bugzilla.mozilla.org/show_bug.cgi?id=919877
- https://bugzilla.redhat.com/show_bug.cgi?id=1053725
- https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90394