Vulnerabilities > CVE-2016-5285 - NULL Pointer Dereference vulnerability in multiple products

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla NSS 3.1 Mozilla NSS 3.1.1 Mozilla NSS 3.2 Mozilla NSS 3.2.1 Mozilla NSS 3.3 Mozilla NSS 3.3.1 Mozilla NSS 3.3.2 Mozilla NSS 3.4 Mozilla NSS 3.4.1 Mozilla NSS 3.4.2 Mozilla NSS 3.4.3 Mozilla NSS 3.6 Mozilla NSS 3.6.1 Mozilla NSS 3.7 Mozilla NSS 3.7.1 Mozilla NSS 3.7.2 Mozilla NSS 3.7.3 Mozilla NSS 3.7.5 Mozilla NSS 3.7.7 Mozilla NSS 3.8 Mozilla NSS 3.9 Mozilla NSS 3.9.1 Mozilla NSS 3.9.2 Mozilla NSS 3.9.3 Mozilla NSS 3.9.4 Mozilla NSS 3.9.5 Mozilla NSS 3.10 Mozilla NSS 3.10.1 Mozilla NSS 3.10.2 Mozilla NSS 3.11 Mozilla NSS 3.11.1 Mozilla NSS 3.11.2 Mozilla NSS 3.11.3 Mozilla NSS 3.11.4 Mozilla NSS 3.11.5 Mozilla NSS 3.11.6 Mozilla NSS 3.11.7 Mozilla NSS 3.11.8 Mozilla NSS 3.11.9 Mozilla NSS 3.11.10 Mozilla NSS 3.12 Mozilla NSS 3.12.1 Mozilla NSS 3.12.2 Mozilla NSS 3.12.3 Mozilla NSS 3.12.3.1 Mozilla NSS 3.12.3.2 Mozilla NSS 3.12.4 Mozilla NSS 3.12.5 Mozilla NSS 3.12.6 Mozilla NSS 3.14 Mozilla NSS 3.14.1 Mozilla NSS 3.14.2 Mozilla NSS 3.14.3 Mozilla NSS 3.14.4 Mozilla NSS 3.14.5 Mozilla NSS 3.15 Mozilla NSS 3.15.1 Mozilla NSS 3.15.2 Mozilla NSS 3.15.3 Mozilla NSS 3.15.3.1 Mozilla NSS 3.15.4 Mozilla NSS 3.15.5 Mozilla NSS 3.16 Mozilla NSS 3.16.1 Mozilla NSS 3.16.2 Mozilla NSS 3.16.2.1 Mozilla NSS 3.16.2.2 Mozilla NSS 3.16.2.3 Mozilla NSS 3.16.3 Mozilla NSS 3.16.4 Mozilla NSS 3.16.5 Mozilla NSS 3.16.6 Mozilla NSS 3.17 Mozilla NSS 3.17.1 Mozilla NSS 3.17.2 Mozilla NSS 3.17.3 Mozilla NSS 3.17.4 Mozilla NSS 3.18 Mozilla NSS 3.18.1 Mozilla NSS 3.19 Mozilla NSS 3.19.1 Mozilla NSS 3.19.2 Mozilla NSS 3.19.3 Mozilla NSS 3.20 Mozilla NSS 3.20.1 Mozilla NSS 3.21 Mozilla NSS 3.21.1 Mozilla NSS 3.21.2 Mozilla NSS 3.21.3 Mozilla NSS 3.21.4 Mozilla NSS 3.22 Mozilla NSS 3.22.1 Mozilla NSS 3.22.2 Mozilla NSS 3.23 Mozilla NSS 3.24 Mozilla NSS 3.25 Mozilla NSS 3.25.1	97
Application	Avaya Avaya Aura Application Enablement Services * Avaya Aura Application Enablement Services 7.0 Avaya Aura Application Server 5300 3.0 Avaya Aura Communication Manager 6.3.0.1 Avaya Aura Communication Manager 6.3.1.0 Avaya Aura Communication Manager 6.3.2.0 Avaya Aura Communication Manager 6.3.2.1 Avaya Aura Communication Manager 6.3.4.1 Avaya Aura Communication Manager 6.3.6.1 Avaya Aura Communication Manager 6.3.7.0 Avaya Aura Communication Manager 6.3.7.1 Avaya Aura Communication Manager 6.3.8.0 Avaya Aura Communication Manager 6.3.9.0 Avaya Aura Communication Manager 6.3.10.0 Avaya Aura Communication Manager 6.3.11.0 Avaya Aura Communication Manager 6.3.11.1 Avaya Aura Communication Manager 6.3.12.0 Avaya Aura Communication Manager 6.3.13.0 Avaya Aura Communication Manager 6.3.14.0 Avaya Aura Communication Manager 6.3.15.1 Avaya Aura Communication Manager 6.3.16.0 Avaya Aura Communication Manager 6.3.17.0 Avaya Aura Communication Manager 6.3.111.0 Avaya Aura Communication Manager 6.3.112.0 Avaya Aura Communication Manager 6.3.114.0 Avaya Aura Communication Manager 6.3.115.0 Avaya Aura Communication Manager 6.3.116.0 Avaya Aura Communication Manager 6.3.117.0 Avaya Aura Communication Manager 7.0 Avaya Aura Communication Manager Messagint 7.0 Avaya Breeze Platform * Avaya Call Management System 17.0 Avaya Call Management System * Avaya IQ 5.2.X Avaya Aura Conferencing 7.0 Avaya Aura Conferencing 7.2 Avaya Aura Conferencing 8.0 Avaya Aura Experience Portal * Avaya IP Office 8.1 Avaya IP Office 9.1 Avaya IP Office 10.0 Avaya Aura Messaging 6.3 Avaya Aura Messaging 6.3.3 Avaya Aura Session Manager * Avaya Aura Session Manager 7.0 Avaya Aura Session Manager 7.0.1 Avaya Aura System Manager * Avaya Aura Utility Services * Avaya Meeting Exchange 6.2 Avaya Message Networking * Avaya ONE X Client Enablement Services 6.2 Avaya Proactive Contact *	107
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0	3
OS	Redhat Redhat Enterprise Linux 5.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 7.0	3
OS	Suse Suse Linux Enterprise Server 11	1
OS	Avaya Avaya Cs1000E Firmware * Avaya Cs1000M Firmware * Avaya Cs1000E/Cs1000M Signaling Server Firmware * Avaya Session Border Controller FOR Enterprise Firmware * Avaya Aura System Platform Firmware *	5
Hardware	Avaya Avaya Cs1000E - Avaya Cs1000M - Avaya Cs1000E/Cs1000M Signaling Server - Avaya Session Border Controller FOR Enterprise - Avaya Aura System Platform -	5

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2016-774.NASL
description	CVE-2016-2834 nss: Multiple security flaws (MFSA 2016-61) Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. CVE-2016-8635 nss: small-subgroups attack flaw It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. CVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS.
last seen	2020-06-01
modified	2020-06-02
plugin id	95894
published	2016-12-16
reporter	This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/95894
title	Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2016-774. # include("compat.inc"); if (description) { script_id(95894); script_version("3.2"); script_cvs_date("Date: 2018/04/18 15:09:36"); script_cve_id("CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"); script_xref(name:"ALAS", value:"2016-774"); script_name(english:"Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "CVE-2016-2834 nss: Multiple security flaws (MFSA 2016-61) Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. CVE-2016-8635 nss: small-subgroups attack flaw It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. CVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2016-774.html" ); script_set_attribute( attribute:"solution", value: "Run 'yum update nss-util' to update your system. Run 'yum update nss' to update your system. Run 'yum update nss-softokn' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"nss-3.21.3-2.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-debuginfo-3.21.3-2.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-devel-3.21.3-2.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-pkcs11-devel-3.21.3-2.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-softokn-3.16.2.3-14.4.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-softokn-debuginfo-3.16.2.3-14.4.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-softokn-devel-3.16.2.3-14.4.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-3.16.2.3-14.4.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-devel-3.16.2.3-14.4.39.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-sysinit-3.21.3-2.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-tools-3.21.3-2.77.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-util-3.21.3-1.1.51.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-util-debuginfo-3.21.3-1.1.51.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nss-util-devel-3.21.3-1.1.51.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-softokn / etc"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3163-1.NASL
description	It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635) Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074) This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	96304
published	2017-01-05
reporter	Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96304
title	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3163-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(96304); script_version("3.9"); script_cvs_date("Date: 2019/11/25"); script_cve_id("CVE-2016-5285", "CVE-2016-8635", "CVE-2016-9074"); script_xref(name:"USN", value:"3163-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635) Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074) This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3163-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libnss3 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04\|14\.04\|16\.04\|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 16.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libnss3", pkgver:"2:3.26.2-0ubuntu0.12.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libnss3", pkgver:"2:3.26.2-0ubuntu0.14.04.3")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libnss3", pkgver:"2:3.26.2-0ubuntu0.16.04.2")) flag++; if (ubuntu_check(osver:"16.10", pkgname:"libnss3", pkgver:"2:3.26.2-0ubuntu0.16.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnss3"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3105-1.NASL
description	This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026) : - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92) - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95797
published	2016-12-14
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95797
title	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:3105-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(95797); script_version("3.9"); script_cvs_date("Date: 2019/09/11 11:22:14"); script_cve_id("CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074", "CVE-2016-9079"); script_name(english:"SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026) : - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92) - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1000751" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1009026" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010395" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010401" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010402" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010410" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010422" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010427" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010517" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1012964" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=992549" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5285/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5290/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5291/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5296/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5297/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9064/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9066/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9074/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9079/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1593bc97" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11-SP2-LTSS:zypper in -t patch slessp2-mfs2016-90-12883=1 SUSE Linux Enterprise Debuginfo 11-SP2:zypper in -t patch dbgsp2-mfs2016-90-12883=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"libfreebl3-32bit-3.21.3-30.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.21.3-30.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"libfreebl3-32bit-3.21.3-30.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"mozilla-nss-32bit-3.21.3-30.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-45.5.1esr-63.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"MozillaFirefox-translations-45.5.1esr-63.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"libfreebl3-3.21.3-30.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-3.21.3-30.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-devel-3.21.3-30.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"mozilla-nss-tools-3.21.3-30.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nss"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20161116_NSS_AND_NSS_UTIL_ON_SL5_X.NASL
description	The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.12.3), nss-util (3.12.3). Security Fix(es) : - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)
last seen	2020-03-18
modified	2016-11-22
plugin id	95052
published	2016-11-22
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95052
title	Scientific Linux Security Update : nss and nss-util on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(95052); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"); script_name(english:"Scientific Linux Security Update : nss and nss-util on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.12.3), nss-util (3.12.3). Security Fix(es) : - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1611&L=scientific-linux-errata&F=&S=&P=2517 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7d7102ad" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"nss-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"nss-debuginfo-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"nss-devel-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"nss-pkcs11-devel-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"SL5", reference:"nss-tools-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"SL6", reference:"nss-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-debuginfo-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-devel-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-pkcs11-devel-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-sysinit-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-tools-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-util-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-util-debuginfo-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"nss-util-devel-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-debuginfo-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-devel-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-sysinit-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-tools-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-3.21.3-1.1.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-debuginfo-3.21.3-1.1.el7_3")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-devel-3.21.3-1.1.el7_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2016-1084.NASL
description	According to the versions of the nss nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2017-05-01
plugin id	99843
published	2017-05-01
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/99843
title	Checks the rpm output for the updated packages.
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(99843); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635" ); script_name(english:"EulerOS 2.0 SP1 : nss nss-util (EulerOS-SA-2016-1084)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the nss nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1084 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ea9a4a4"); script_set_attribute(attribute:"solution", value: "Update the affected nss nss-util packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["nss-3.21.3-2", "nss-devel-3.21.3-2", "nss-sysinit-3.21.3-2", "nss-tools-3.21.3-2", "nss-util-3.21.3-1.1", "nss-util-devel-3.21.3-1.1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss nss-util"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3014-1.NASL
description	This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026) : - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) The Mozilla Firefox changelog was amended to document patched dropped in a previous update. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95565
published	2016-12-06
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95565
title	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:3014-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(95565); script_version("2.7"); script_cvs_date("Date: 2019/09/11 11:22:14"); script_cve_id("CVE-2016-5285", "CVE-2016-5290", "CVE-2016-5291", "CVE-2016-5296", "CVE-2016-5297", "CVE-2016-9064", "CVE-2016-9066", "CVE-2016-9074"); script_name(english:"SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3014-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026) : - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) The Mozilla Firefox changelog was amended to document patched dropped in a previous update. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1009026" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010395" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010401" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010402" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010410" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010422" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010427" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1010517" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=992549" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5285/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5290/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5291/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5296/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5297/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9064/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9066/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-9074/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20163014-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d7fce6b6" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2016-1754=1 SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1754=1 SUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2016-1754=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2016-1754=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2016-1754=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1754=1 SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2016-1754=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2016-1754=1 SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1754=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:MozillaFirefox-translations"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libfreebl3-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libsoftokn3-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-certs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-sysinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:mozilla-nss-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S\|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12\|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0\|1\|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1\|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-debuginfo-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-debugsource-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"MozillaFirefox-translations-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libfreebl3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libfreebl3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libfreebl3-hmac-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsoftokn3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsoftokn3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsoftokn3-hmac-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-certs-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-certs-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-debugsource-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-sysinit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-sysinit-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-tools-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-tools-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libfreebl3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libfreebl3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libfreebl3-hmac-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsoftokn3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsoftokn3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libsoftokn3-hmac-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-certs-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-sysinit-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debuginfo-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-debugsource-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"MozillaFirefox-translations-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-hmac-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-hmac-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-certs-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-certs-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-debugsource-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-sysinit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-sysinit-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-tools-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-tools-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libfreebl3-hmac-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"libsoftokn3-hmac-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-certs-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-sysinit-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debugsource-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-translations-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libfreebl3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libfreebl3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libfreebl3-hmac-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-hmac-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-debugsource-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-tools-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-tools-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libfreebl3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libfreebl3-hmac-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-hmac-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-debugsource-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"MozillaFirefox-translations-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libfreebl3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libfreebl3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libfreebl3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libsoftokn3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libsoftokn3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-certs-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-debugsource-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-sysinit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-tools-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"mozilla-nss-tools-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debuginfo-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-debugsource-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"MozillaFirefox-translations-45.5.0esr-88.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libfreebl3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libfreebl3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libfreebl3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-debugsource-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-tools-3.21.3-50.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"mozilla-nss-tools-debuginfo-3.21.3-50.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MozillaFirefox / mozilla-nss"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201701-46.NASL
description	The remote host is affected by the vulnerability described in GLSA-201701-46 (Mozilla Network Security Service (NSS): Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details. Impact : Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	96643
published	2017-01-20
reporter	This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/96643
title	GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201701-46. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(96643); script_version("3.3"); script_cvs_date("Date: 2019/11/25"); script_cve_id("CVE-2015-2721", "CVE-2015-4000", "CVE-2015-7575", "CVE-2016-1938", "CVE-2016-5285", "CVE-2016-8635", "CVE-2016-9074"); script_xref(name:"GLSA", value:"201701-46"); script_name(english:"GLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201701-46 (Mozilla Network Security Service (NSS): Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details. Impact : Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://www.mitls.org/pages/attacks/SLOTH" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201701-46" ); script_set_attribute( attribute:"solution", value: "All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/nss-3.28'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:nss"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/20"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/nss", unaffected:make_list("ge 3.28"), vulnerable:make_list("lt 3.28"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mozilla Network Security Service (NSS)"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2016-2779.NASL
description	An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
last seen	2020-06-01
modified	2020-06-02
plugin id	94912
published	2016-11-16
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94912
title	RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2779. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(94912); script_version("2.14"); script_cvs_date("Date: 2019/10/24 15:35:42"); script_cve_id("CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"); script_xref(name:"RHSA", value:"2016:2779"); script_name(english:"RHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:2779" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-2834" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-8635" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-5285" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6\|7)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:2779"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"nss-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"RHEL5", reference:"nss-debuginfo-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"RHEL5", reference:"nss-devel-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"RHEL5", reference:"nss-pkcs11-devel-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"nss-tools-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"nss-tools-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"nss-tools-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-debuginfo-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-devel-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-pkcs11-devel-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"nss-sysinit-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"nss-sysinit-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nss-sysinit-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"nss-tools-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"nss-tools-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nss-tools-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-util-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-util-debuginfo-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"RHEL6", reference:"nss-util-devel-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"RHEL7", reference:"nss-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"nss-debuginfo-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"nss-devel-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"nss-pkcs11-devel-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"nss-sysinit-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nss-sysinit-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"nss-tools-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nss-tools-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"nss-util-3.21.3-1.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"nss-util-debuginfo-3.21.3-1.1.el7_3")) flag++; if (rpm_check(release:"RHEL7", reference:"nss-util-devel-3.21.3-1.1.el7_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc"); } }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2016-2779.NASL
description	An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
last seen	2020-06-01
modified	2020-06-02
plugin id	94981
published	2016-11-21
reporter	This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94981
title	CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:2779 and # CentOS Errata and Security Advisory 2016:2779 respectively. # include("compat.inc"); if (description) { script_id(94981); script_version("3.11"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635"); script_xref(name:"RHSA", value:"2016:2779"); script_name(english:"CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834." ); # https://lists.centos.org/pipermail/centos-announce/2016-November/022151.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7a63c1d2" ); # https://lists.centos.org/pipermail/centos-announce/2016-November/022152.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?19919c24" ); # https://lists.centos.org/pipermail/centos-announce/2016-November/022159.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?292c9a0a" ); # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003683.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?761aaeb0" ); # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003684.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e8590820" ); script_set_attribute( attribute:"solution", value:"Update the affected nss and / or nss-util packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2834"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\|6\|7)([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"nss-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"CentOS-5", reference:"nss-devel-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"CentOS-5", reference:"nss-pkcs11-devel-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"CentOS-5", reference:"nss-tools-3.21.3-2.el5_11")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-devel-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-pkcs11-devel-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-sysinit-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-tools-3.21.3-2.el6_8")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-util-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-util-devel-3.21.3-1.el6_8")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nss-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nss-devel-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nss-sysinit-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nss-tools-3.21.3-2.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nss-util-3.21.3-1.1.el7_3")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nss-util-devel-3.21.3-1.1.el7_3")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2016-2779.NASL
description	From Red Hat Security Advisory 2016:2779 : An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
last seen	2020-06-01
modified	2020-06-02
plugin id	94927
published	2016-11-17
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/94927
title	Oracle Linux 5 / 6 / 7 : nss / nss-util (ELSA-2016-2779)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2016-3080-1.NASL
description	This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964) : - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964) - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	95712
published	2016-12-12
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/95712
title	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1)

Redhat

rpms

nss-0:3.21.3-2.el5_11
nss-0:3.21.3-2.el6_8
nss-0:3.21.3-2.el7_3
nss-debuginfo-0:3.21.3-2.el5_11
nss-debuginfo-0:3.21.3-2.el6_8
nss-debuginfo-0:3.21.3-2.el7_3
nss-devel-0:3.21.3-2.el5_11
nss-devel-0:3.21.3-2.el6_8
nss-devel-0:3.21.3-2.el7_3
nss-pkcs11-devel-0:3.21.3-2.el5_11
nss-pkcs11-devel-0:3.21.3-2.el6_8
nss-pkcs11-devel-0:3.21.3-2.el7_3
nss-sysinit-0:3.21.3-2.el6_8
nss-sysinit-0:3.21.3-2.el7_3
nss-tools-0:3.21.3-2.el5_11
nss-tools-0:3.21.3-2.el6_8
nss-tools-0:3.21.3-2.el7_3
nss-util-0:3.21.3-1.1.el7_3
nss-util-0:3.21.3-1.el6_8
nss-util-debuginfo-0:3.21.3-1.1.el7_3
nss-util-debuginfo-0:3.21.3-1.el6_8
nss-util-devel-0:3.21.3-1.1.el7_3
nss-util-devel-0:3.21.3-1.el6_8

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References