CVE-2014-1568 - Cryptographic Issues vulnerability in Google Chrome
Summary
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2014-1354.NASL
  description: An updated rhev-hypervisor6 package that fixes several security issues is now available.

  Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

  Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

  A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271)

  It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169)

  A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568)

  It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186)

  An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187)

  Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security.

  Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
  last seen: 2020-04-18
  modified: 2014-11-08
  plugin id: 79053
  published: 2014-11-08
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/79053
  title: RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)
  code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1354. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(79053);
      script_version("1.24");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/17");

      script_cve_id("CVE-2014-1568", "CVE-2014-6271", "CVE-2014-7169", "CVE-2014-7186", "CVE-2014-7187");
      script_xref(name:"RHSA", value:"2014:1354");
      script_xref(name:"IAVA", value:"2014-A-0142");

      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2014:1354) (Shellshock)");
      script_summary(english:"Checks the rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An updated rhev-hypervisor6 package that fixes several security issues is now available.

    Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

    The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

    Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

    A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-6271)

    It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. (CVE-2014-7169)

    A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568)

    It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. (CVE-2014-7186)

    An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. (CVE-2014-7187)

    Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-6271, and the Mozilla project for reporting CVE-2014-1568. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters of CVE-2014-1568. The CVE-2014-7186 and CVE-2014-7187 issues were discovered by Florian Weimer of Red Hat Product Security.

    Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-6271"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7187"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Qmail SMTP Bash Environment Variable Injection (Shellshock)');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2014:1354";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20140930.1.el6ev")) flag++;

      if (flag)
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
NASL family Windows NASL id GOOGLE_CHROME_37_0_2062_124.NASL description The version of Google Chrome installed on the remote host is a version prior to 37.0.2062.124. It is, therefore, affected by an issue in the Network Security Services (NSS) libraries. This issue is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77861 published 2014-09-25 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77861 title Google Chrome < 37.0.2062.124 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_37_0_2062_124.NASL description The version of Google Chrome installed on the remote Mac OS X host is a version prior to 37.0.2062.124. It is, therefore, affected by an issue in the Network Security Services (NSS) libraries. This issue is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77862 published 2014-09-25 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77862 title Google Chrome < 37.0.2062.124 Multiple Vulnerabilities (Mac OS X) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3034.NASL description Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy last seen 2020-03-17 modified 2014-09-26 plugin id 77881 published 2014-09-26 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/77881 title Debian DSA-3034-1 : iceweasel - security update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201504-01.NASL description The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 82632 published 2015-04-08 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82632 title GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3037.NASL description Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library, embedded in Wheezy last seen 2020-03-17 modified 2014-09-29 plugin id 77920 published 2014-09-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77920 title Debian DSA-3037-1 : icedove - security update NASL family Windows NASL id SEAMONKEY_2_29_1.NASL description The version of SeaMonkey installed on the remote host is prior to 2.29.1. 
It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77909 published 2014-09-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77909 title SeaMonkey < 2.29.1 NSS Signature Verification Vulnerability NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2360-2.NASL description USN-2360-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Thunderbird. Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77852 published 2014-09-25 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/77852 title Ubuntu 12.04 LTS / 14.04 LTS : thunderbird vulnerabilities (USN-2360-2) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0082.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Remove unused indentation pseudo patch - require nss util 3.16.2.3 - Restore patch for certutil man page - supply missing options descriptions to the man page - Resolves: Bug 1158160 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Support TLS_FALLBACK_SCSV in tstclnt and ssltap - Resolves: Bug 1145432 - (CVE-2014-1568) - Fix pem deadlock caused by previous version of a fix for a race condition - Fixes: Bug 1090681 - Add references to bugs filed upstream - Related: Bug 1090681, Bug 1104300 - Resolves: Bug 1090681 - RHDS 9.1 389-ds-base-1.2.11.15-31 crash in PK11_DoesMechanism - Replace expired PayPal test certificate that breaks the build - Related: Bug 1099619 - Fix defects found by coverity - Resolves: Bug 1104300 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 nss-util - Resolves: Bug 1165003 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Fix the required nspr version to be 4.10.6 last seen 2020-06-01 modified 2020-06-02 plugin id 80007 published 2014-12-15 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80007 title OracleVM 3.3 : nss (OVMSA-2014-0082) NASL family Web Servers NASL id SUN_JAVA_WEB_SERVER_7_0_21.NASL description According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.21. 
It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-middle attacker, using a crafted certificate, can exploit this to forge RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 82995 published 2015-04-22 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82995 title Oracle iPlanet Web Server 7.0.x < 7.0.21 NSS Signature Verification Vulnerability NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2360-1.NASL description Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77851 published 2014-09-25 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77851 title Ubuntu 12.04 LTS / 14.04 LTS : firefox vulnerabilities (USN-2360-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-11565.NASL description https://www.mozilla.org/security/announce/2014/mfsa2014-73.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-10-12 plugin id 78368 published 2014-10-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/78368 title Fedora 19 : nss-3.17.1-1.fc19 / nss-softokn-3.17.1-2.fc19 / nss-util-3.17.1-1.fc19 (2014-11565) NASL family Windows NASL id MOZILLA_FIREFOX_24_8_1_ESR.NASL description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77904 published 2014-09-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77904 title Firefox ESR 24.x < 24.8.1 NSS Signature Verification Vulnerability NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-423.NASL description A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. last seen 2020-06-01 modified 2020-06-02 plugin id 78366 published 2014-10-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78366 title Amazon Linux AMI : nss-softokn (ALAS-2014-423) NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_31_1_2.NASL description The version of Thunderbird installed on the remote host is prior to 31.1.2. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77903 published 2014-09-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77903 title Mozilla Thunderbird < 31.1.2 NSS Signature Verification Vulnerability (Mac OS X) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_BD2EF267448511E4B0B700262D5ED8EE.NASL description Google Chrome Releases reports : [414124] RSA signature malleability in NSS (CVE-2014-1568). Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and Advanced Threat Research team at Intel Security last seen 2020-06-01 modified 2020-06-02 plugin id 77884 published 2014-09-26 reporter This script is Copyright (C) 2014 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77884 title FreeBSD : chromium -- RSA signature malleability in NSS (bd2ef267-4485-11e4-b0b7-00262d5ed8ee) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBFREEBL3-140925.NASL description Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue. - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. (MFSA 2014-73 / CVE-2014-1568) The Advanced Threat Research team at Intel Security also independently discovered and reported this issue. last seen 2020-06-05 modified 2014-09-29 plugin id 77959 published 2014-09-29 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/77959 title SuSE 11.3 Security Update : mozilla-nss (SAT Patch Number 9777) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix SSL_DH_MIN_P_BITS in more places. - Keep SSL_DH_MIN_P_BITS at 768 as in the previously released build. - Run SSL tests - Add compatility patches to prevent regressions - Ensure all ssl.sh tests are executed - Rebase to nss 3.21 - Resolves: Bug 1297944 - Rebase RHEL 5.11.z to NSS 3.21 in preparation for Firefox 45 - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 - Resolves: Bug 1269354 - CVE-2015-7182 (CVE-2015-7181) - Rebase nss to 3.19.1 - Pick up upstream fix for client auth. regression caused by 3.19.1 - Revert upstream change to minimum key sizes - Remove patches that rendered obsolote by the rebase - Update existing patches on account of the rebase - Pick up upstream patch from nss-3.19.1 - Resolves: Bug 1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64) - Resolves: Bug 1236967 - CVE-2015-2721 NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71) - On RHEL 6.x keep the TLS version defaults unchanged. - Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1) - Copy PayPalICA.cert and PayPalRootCA.cert to nss/tests/libpkix/certs - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Update and reeneable nss-646045.patch on account of the rebase - Enable additional ssl test cycles and document why some aren last seen 2020-06-01 modified 2020-06-02 plugin id 91747 published 2016-06-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/91747 title OracleVM 3.2 : nss (OVMSA-2016-0066) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-62.NASL description Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA. This update fixes this issue for the NSS libraries. Note that iceweasel, which is also affected by CVE-2014-1568, however has reached end-of-life in Squeeze(-LTS) and thus has not been fixed. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82207 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82207 title Debian DLA-62-1 : nss security update NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_24_8_1.NASL description The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77902 published 2014-09-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/77902 title Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_24_8_1_ESR.NASL description The version of Firefox ESR 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77899 published 2014-09-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77899 title Firefox ESR 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X) NASL family Windows NASL id MOZILLA_THUNDERBIRD_24_8_1.NASL description The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates. last seen 2020-06-01 modified 2020-06-02 plugin id 77907 published 2014-09-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/77907 title Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0023.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1145431 - (CVE-2014-1568) - Resolves: Bug 1145431 - (CVE-2014-1568) - Removed listed but unused patches detected by the rpmdiff test - Resolves: Bug 1099619 - Update some patches on account of the rebase - Resolves: Bug 1099619 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 - Remove two unused patches and apply a needed one that was missed - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Update to nss-3.16.1 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Make pem last seen 2020-06-01 modified 2020-06-02 plugin id 79540 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79540 title OracleVM 3.3 : nss (OVMSA-2014-0023) NASL family Junos Local Security Checks NASL id JUNIPER_SPACE_JSA10698.NASL description According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities : - An error exists within the Apache last seen 2020-06-01 modified 2020-06-02 plugin id 91778 published 2016-06-23 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. 
source: https://www.tenable.com/plugins/nessus/91778
title: Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_FIREFOX_31_1_1_ESR.NASL
description: The version of Firefox ESR 31.x installed on the remote host is prior to 31.1.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77900
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77900
title: Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability (Mac OS X)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-562.NASL
description: Mozilla NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.
last seen: 2020-06-05
modified: 2014-09-29
plugin id: 77965
published: 2014-09-29
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77965
title: openSUSE Security Update : mozilla-nss (openSUSE-SU-2014:1232-1)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2014-422.NASL
description: A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78365
published: 2014-10-12
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/78365
title: Amazon Linux AMI : nss-util (ALAS-2014-422)

NASL family: Web Servers
NASL id: GLASSFISH_CPU_APR_2015.NASL
description: The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities :
- A flaw exists in the bundled cURL and libcurl packages. The certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) is disabled when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled. This allows a man-in-the-middle attacker to spoof SSL servers via an arbitrary valid certificate. (CVE-2013-4545)
- A flaw exists in the bundled Network Security Services (NSS) library due to improper parsing of ASN.1 values in X.509 certificates. This allows a man-in-the-middle attacker to spoof RSA signatures via a crafted certificate. (CVE-2014-1568)
- A man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. MitM attackers can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82902
published: 2015-04-20
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82902
title: Oracle GlassFish Server Multiple Vulnerabilities (April 2015 CPU) (POODLE)

NASL family: Windows
NASL id: MOZILLA_THUNDERBIRD_31_1_2.NASL
description: The version of Thunderbird installed on the remote host is prior to 31.1.2.
It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77908
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77908
title: Mozilla Thunderbird < 31.1.2 NSS Signature Verification Vulnerability

NASL family: Windows
NASL id: IPLANET_WEB_PROXY_4_0_25.NASL
description: According to its self-reported version, the Oracle iPlanet Web Proxy Server installed on the remote host is version 4.0 prior to 4.0.25. It is, therefore, affected by a flaw in the Network Security Services (NSS) library due to improper parsing of ASN.1 values in an RSA signature. A man-in-the-middle attacker, using a crafted certificate, can exploit this to forge RSA signatures, such as SSL certificates. Note that Oracle iPlanet Web Proxy Server was formerly known as Sun Java System Web Proxy Server.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 82994
published: 2015-04-22
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82994
title: Oracle iPlanet Web Proxy Server 4.0 < 4.0.25 NSS Signature Verification Vulnerability

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2014-424.NASL
description: A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78367
published: 2014-10-12
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/78367
title: Amazon Linux AMI : nss (ALAS-2014-424)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_48108FB0751C4CBB8F3309239EAD4B55.NASL
description: The Mozilla Project reports : Antoine Delignat-Lavaud discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77883
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77883
title: FreeBSD : NSS -- RSA Signature Forgery (48108fb0-751c-4cbb-8f33-09239ead4b55)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2361-1.NASL
description: Antoine Delignat-Lavaud and others discovered that NSS incorrectly handled parsing ASN.1 values. An attacker could use this issue to forge RSA certificates. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77853
published: 2014-09-25
reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77853
title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : nss vulnerability (USN-2361-1)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_FIREFOX_32_0_3.NASL
description: The version of Firefox installed on the remote host is prior to 32.0.3.
It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77901
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77901
title: Firefox < 32.0.3 NSS Signature Verification Vulnerability (Mac OS X)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3033.NASL
description: Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the Mozilla Network Security Service library) was parsing ASN.1 data used in signatures, making it vulnerable to a signature forgery attack. An attacker could craft ASN.1 data to forge RSA certificates with a valid certification chain to a trusted CA.
last seen: 2020-03-17
modified: 2014-09-26
plugin id: 77880
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77880
title: Debian DSA-3033-1 : nss - security update

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1307.NASL
description: Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77896
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77896
title: RHEL 5 / 6 / 7 : nss (RHSA-2014:1307)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2014-189.NASL
description: A vulnerability has been discovered and corrected in Mozilla NSS : Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates (CVE-2014-1568). The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to the latest version as of 2014-08-05.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77889
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/77889
title: Mandriva Linux Security Advisory : nss (MDVSA-2014:189)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2014-1510-1.NASL
description: - update to Firefox 31.2.0 ESR (bnc#900941) - MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994, bmo#1011354, bmo#1018916, bmo#1020034, bmo#1023035, bmo#1032208, bmo#1033020, bmo#1034230, bmo#1061214, bmo#1061600, bmo#1064346, bmo#1072044, bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2) - MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation - MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms - MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video - MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality - MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876, bmo#1062981) Inconsistent video sharing within iframe - MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API - SSLv3 is disabled by default. See README.POODLE for more detailed information. - disable call home features - update to 3.17.2 (bnc#900941) Bugfix release - bmo#1049435 - Importing an RSA private key fails if p < q - bmo#1057161 - NSS hangs with 100% CPU on invalid EC key - bmo#1078669 - certutil crashes when using the --certVersion parameter - changes from earlier version of the 3.17 branch: update to 3.17.1 (bnc#897890) - MFSA 2014-73/CVE-2014-1568 (bmo#1064636, bmo#1069405) RSA Signature Forgery in NSS - Change library
last seen: 2020-06-05
modified: 2015-05-27
plugin id: 83849
published: 2015-05-27
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/83849
title: SUSE SLED12 / SLES12 Security Update : MozillaFirefox / mozilla-nss (SUSE-SU-2014:1510-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1371.NASL
description: Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79055
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79055
title: RHEL 4 / 5 / 6 : nss (RHSA-2014:1371)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2014-1307.NASL
description: Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77918
published: 2014-09-29
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77918
title: CentOS 5 / 6 / 7 : nss (CESA-2014:1307)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2015-059.NASL
description: Multiple vulnerabilities have been found and corrected in the Mozilla NSS and NSPR packages : The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81942
published: 2015-03-19
reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/81942
title: Mandriva Linux Security Advisory : nss (MDVSA-2015:059)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-11518.NASL
description: https://www.mozilla.org/security/announce/2014/mfsa2014-73.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-09-29
plugin id: 77940
published: 2014-09-29
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77940
title: Fedora 20 : nss-3.17.1-1.fc20 / nss-softokn-3.17.1-2.fc20 / nss-util-3.17.1-1.fc20 (2014-11518)

NASL family: Windows
NASL id: MOZILLA_FIREFOX_32_0_3.NASL
description: The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77906
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77906
title: Firefox < 32.0.3 NSS Signature Verification Vulnerability

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20140926_NSS_ON_SL5_X.NASL
description: A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) After installing this update, applications using NSS must be restarted for this update to take effect.
last seen: 2020-03-18
modified: 2014-09-29
plugin id: 77957
published: 2014-09-29
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77957
title: Scientific Linux Security Update : nss on SL5.x, SL6.x i386/x86_64 (20140926)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2014-11632.NASL
description: https://www.mozilla.org/security/announce/2014/mfsa2014-73.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2014-09-29
plugin id: 77944
published: 2014-09-29
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77944
title: Fedora 21 : nss-3.17.1-1.fc21 / nss-softokn-3.17.1-2.fc21 / nss-util-3.17.1-1.fc21 (2014-11632)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-1307.NASL
description: From Red Hat Security Advisory 2014:1307 : Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. (CVE-2014-1568) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters. All NSS users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77952
published: 2014-09-29
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77952
title: Oracle Linux 5 / 6 / 7 : nss (ELSA-2014-1307)

NASL family: Windows
NASL id: MOZILLA_FIREFOX_31_1_1_ESR.NASL
description: The version of Firefox ESR 31.x installed on the remote host is prior to 31.1.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77905
published: 2014-09-26
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77905
title: Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability
References
- http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_24.html
- http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
- http://rhn.redhat.com/errata/RHSA-2014-1307.html
- http://rhn.redhat.com/errata/RHSA-2014-1354.html
- http://rhn.redhat.com/errata/RHSA-2014-1371.html
- http://secunia.com/advisories/61540
- http://secunia.com/advisories/61574
- http://secunia.com/advisories/61575
- http://secunia.com/advisories/61576
- http://secunia.com/advisories/61583
- http://www.debian.org/security/2014/dsa-3033
- http://www.debian.org/security/2014/dsa-3034
- http://www.debian.org/security/2014/dsa-3037
- http://www.kb.cert.org/vuls/id/772676
- http://www.mozilla.org/security/announce/2014/mfsa2014-73.html
- http://www.novell.com/support/kb/doc.php?id=7015701
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/70116
- http://www.ubuntu.com/usn/USN-2360-1
- http://www.ubuntu.com/usn/USN-2360-2
- http://www.ubuntu.com/usn/USN-2361-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
- https://bugzilla.mozilla.org/show_bug.cgi?id=1069405
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
- https://security.gentoo.org/glsa/201504-01