Vulnerabilities > CVE-2016-8635

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
mozilla
redhat
nessus

Summary

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-774.NASL
    descriptionCVE-2016-2834 nss: Multiple security flaws (MFSA 2016-61) Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. CVE-2016-8635 nss: small-subgroups attack flaw It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. CVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS.
    last seen2020-06-01
    modified2020-06-02
    plugin id95894
    published2016-12-16
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/95894
    titleAmazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-774.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(95894);
      script_version("3.2");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-2834", "CVE-2016-5285", "CVE-2016-8635");
      script_xref(name:"ALAS", value:"2016-774");
    
      script_name(english:"Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2016-2834 nss: Multiple security flaws (MFSA 2016-61)
    
    Multiple buffer handling flaws were found in the way NSS handled
    cryptographic data from the network. A remote attacker could use these
    flaws to crash an application using NSS or, possibly, execute
    arbitrary code with the permission of the user running the
    application.
    
    CVE-2016-8635 nss: small-subgroups attack flaw
    
    It was found that Diffie Hellman Client key exchange handling in NSS
    was vulnerable to small subgroup confinement attack. An attacker could
    use this flaw to recover private keys by confining the client DH key
    to small subgroup of the desired group.
    
    CVE-2016-5285 nss: Missing NULL check in PK11_SignWithSymKey /
    ssl3_ComputeRecordMACConstantTime causes server crash
    
    A NULL pointer dereference flaw was found in the way NSS handled
    invalid Diffie-Hellman keys. A remote client could use this flaw to
    crash a TLS/SSL server using NSS."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-774.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update nss-util' to update your system.
    
    Run 'yum update nss' to update your system.
    
    Run 'yum update nss-softokn' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"nss-3.21.3-2.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-debuginfo-3.21.3-2.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-devel-3.21.3-2.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-pkcs11-devel-3.21.3-2.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-3.16.2.3-14.4.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-debuginfo-3.16.2.3-14.4.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-devel-3.16.2.3-14.4.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-3.16.2.3-14.4.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-devel-3.16.2.3-14.4.39.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-sysinit-3.21.3-2.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-tools-3.21.3-2.77.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-3.21.3-1.1.51.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-debuginfo-3.21.3-1.1.51.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-devel-3.21.3-1.1.51.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-softokn / etc");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0160.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Mozilla #1314604 / Red Hat (CVE-2016-8635) - Rebase to NSS 3.21.3 - Resolves: Bug 1347908
    last seen2020-06-01
    modified2020-06-02
    plugin id94931
    published2016-11-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94931
    titleOracleVM 3.2 : nss (OVMSA-2016-0160)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3163-1.NASL
    descriptionIt was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5285) Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635) Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074) This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96304
    published2017-01-05
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96304
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : nss vulnerabilities (USN-3163-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0159.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Mozilla #1314604 / Red Hat (CVE-2016-8635) - remove disable_hw_gcm.patch which hasn
    last seen2020-06-01
    modified2020-06-02
    plugin id94930
    published2016-11-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94930
    titleOracleVM 3.3 / 3.4 : nssnss-util (OVMSA-2016-0159)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161116_NSS_AND_NSS_UTIL_ON_SL5_X.NASL
    descriptionThe nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.12.3), nss-util (3.12.3). Security Fix(es) : - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635)
    last seen2020-03-18
    modified2016-11-22
    plugin id95052
    published2016-11-22
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95052
    titleScientific Linux Security Update : nss and nss-util on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1084.NASL
    descriptionAccording to the versions of the nss nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) - A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) - It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99843
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99843
    titleChecks the rpm output for the updated packages.
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1248-1.NASL
    descriptionMozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs : - Update to NSS 3.29.5 : - MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. - MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. - CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). - requires NSPR >= 4.13.1 - Update to NSS 3.29.3 - enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. - The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 - The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 - The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality : - NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3 : - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes : - NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. - NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. - PKCS#11 bypass for TLS is no longer supported and has been removed. - Support for
    last seen2020-06-01
    modified2020-06-02
    plugin id100151
    published2017-05-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100151
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (SUSE-SU-2017:1248-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-46.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-46 (Mozilla Network Security Service (NSS): Multiple vulnerabilities) Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers and technical papers referenced below for details. Impact : Remote attackers could conduct man-in-the-middle attacks, obtain access to private key information, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96643
    published2017-01-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96643
    titleGLSA-201701-46 : Mozilla Network Security Service (NSS): Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1175-1.NASL
    descriptionMozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 (close to release draft) and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox (bsc#1035082) - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generated code - MFSA 2017-11/CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - MFSA 2017-11/CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - MFSA 2017-11/CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - MFSA 2017-11/CVE-2017-5437: Vulnerabilities in Libevent library - MFSA 2017-11/CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - MFSA 2017-11/CVE-2017-5435: Use-after-free during transaction processing in the editor - MFSA 2017-11/CVE-2017-5434: Use-after-free during focus handling - MFSA 2017-11/CVE-2017-5433: Use-after-free in SMIL animation functions - MFSA 2017-11/CVE-2017-5432: Use-after-free in text input selection - MFSA 2017-11/CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - MFSA 2017-11/CVE-2017-5465: Out-of-bounds read in ConvolvePixel - MFSA 2017-11/CVE-2017-5460: Use-after-free in frame selection - MFSA 2017-11/CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - MFSA 2017-11/CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - MFSA 2017-11/CVE-2017-5447: Out-of-bounds read during glyph processing - MFSA 2017-11/CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - MFSA 2017-11/CVE-2017-5442: Use-after-free during style changes - MFSA 2017-11/CVE-2017-5443: Out-of-bounds write during BinHex decoding - MFSA 2017-11/CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - MFSA 2017-11/CVE-2017-5441: Use-after-free with selection during scroll events - MFSA 2017-11/CVE-2017-5459: Buffer overflow in WebGL Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs : - Update to NSS 3.29.5 : - MFSA 2017-11/CVE-2017-5461: Rare crashes in the base 64 decoder and encoder were fixed. - MFSA 2017-11/CVE-2017-5462: A carry over bug in the RNG was fixed. - CVE-2016-9574: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA (bsc#1015499). - requires NSPR >= 4.13.1 - Update to NSS 3.29.3 - enables TLS 1.3 by default - Fixed a bug in hash computation (and build with GCC 7 which complains about shifts of boolean values). (bsc#1030071, bmo#1348767) - Update to NSS 3.28.3 This is a patch release to fix binary compatibility issues. - Update to NSS 3.28.1 This is a patch release to update the list of root CA certificates. - The following CA certificates were Removed CN = Buypass Class 2 CA 1 CN = Root CA Generalitat Valenciana OU = RSA Security 2048 V3 - The following CA certificates were Added OU = AC RAIZ FNMT-RCM CN = Amazon Root CA 1 CN = Amazon Root CA 2 CN = Amazon Root CA 3 CN = Amazon Root CA 4 CN = LuxTrust Global Root 2 CN = Symantec Class 1 Public Primary Certification Authority - G4 CN = Symantec Class 1 Public Primary Certification Authority - G6 CN = Symantec Class 2 Public Primary Certification Authority - G4 CN = Symantec Class 2 Public Primary Certification Authority - G6 - The version number of the updated root CA list has been set to 2.11 - Update to NSS 3.28 New functionality : - NSS includes support for TLS 1.3 draft -18. This includes a number of improvements to TLS 1.3 : - The signed certificate timestamp, used in certificate transparency, is supported in TLS 1.3. - Key exporters for TLS 1.3 are supported. This includes the early key exporter, which can be used if 0-RTT is enabled. Note that there is a difference between TLS 1.3 and key exporters in older versions of TLS. TLS 1.3 does not distinguish between an empty context and no context. - The TLS 1.3 (draft) protocol can be enabled, by defining NSS_ENABLE_TLS_1_3=1 when building NSS. - NSS includes support for the X25519 key exchange algorithm, which is supported and enabled by default in all versions of TLS. Notable Changes : - NSS can no longer be compiled with support for additional elliptic curves. This was previously possible by replacing certain NSS source files. - NSS will now detect the presence of tokens that support additional elliptic curves and enable those curves for use in TLS. Note that this detection has a one-off performance cost, which can be avoided by using the SSL_NamedGroupConfig function to limit supported groups to those that NSS provides. - PKCS#11 bypass for TLS is no longer supported and has been removed. - Support for
    last seen2020-06-01
    modified2020-06-02
    plugin id99992
    published2017-05-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99992
    titleSUSE SLES11 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr (SUSE-SU-2017:1175-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2779.NASL
    descriptionAn update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
    last seen2020-06-01
    modified2020-06-02
    plugin id94912
    published2016-11-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94912
    titleRHEL 5 / 6 / 7 : nss and nss-util (RHSA-2016:2779)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2779.NASL
    descriptionAn update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
    last seen2020-06-01
    modified2020-06-02
    plugin id94981
    published2016-11-21
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94981
    titleCentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2779.NASL
    descriptionFrom Red Hat Security Advisory 2016:2779 : An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3). Security Fix(es) : * Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834) * A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285) * It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. (CVE-2016-8635) Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporter of CVE-2016-2834.
    last seen2020-06-01
    modified2020-06-02
    plugin id94927
    published2016-11-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94927
    titleOracle Linux 5 / 6 / 7 : nss / nss-util (ELSA-2016-2779)

Redhat

advisories
bugzilla
id1391818
titleCVE-2016-8635 nss: small-subgroups attack flaw
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentnss is earlier than 0:3.21.3-2.el5_11
          ovaloval:com.redhat.rhsa:tst:20162779001
        • commentnss is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20150925010
      • AND
        • commentnss-devel is earlier than 0:3.21.3-2.el5_11
          ovaloval:com.redhat.rhsa:tst:20162779003
        • commentnss-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20150925006
      • AND
        • commentnss-pkcs11-devel is earlier than 0:3.21.3-2.el5_11
          ovaloval:com.redhat.rhsa:tst:20162779005
        • commentnss-pkcs11-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20150925008
      • AND
        • commentnss-tools is earlier than 0:3.21.3-2.el5_11
          ovaloval:com.redhat.rhsa:tst:20162779007
        • commentnss-tools is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhba:tst:20150925012
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentnss-util-devel is earlier than 0:3.21.3-1.el6_8
          ovaloval:com.redhat.rhsa:tst:20162779010
        • commentnss-util-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364016
      • AND
        • commentnss-util is earlier than 0:3.21.3-1.el6_8
          ovaloval:com.redhat.rhsa:tst:20162779012
        • commentnss-util is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364018
      • AND
        • commentnss-pkcs11-devel is earlier than 0:3.21.3-2.el6_8
          ovaloval:com.redhat.rhsa:tst:20162779014
        • commentnss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364006
      • AND
        • commentnss-tools is earlier than 0:3.21.3-2.el6_8
          ovaloval:com.redhat.rhsa:tst:20162779016
        • commentnss-tools is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364012
      • AND
        • commentnss is earlier than 0:3.21.3-2.el6_8
          ovaloval:com.redhat.rhsa:tst:20162779018
        • commentnss is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364010
      • AND
        • commentnss-devel is earlier than 0:3.21.3-2.el6_8
          ovaloval:com.redhat.rhsa:tst:20162779020
        • commentnss-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364014
      • AND
        • commentnss-sysinit is earlier than 0:3.21.3-2.el6_8
          ovaloval:com.redhat.rhsa:tst:20162779022
        • commentnss-sysinit is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364008
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentnss-util-devel is earlier than 0:3.21.3-1.1.el7_3
          ovaloval:com.redhat.rhsa:tst:20162779025
        • commentnss-util-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364016
      • AND
        • commentnss-util is earlier than 0:3.21.3-1.1.el7_3
          ovaloval:com.redhat.rhsa:tst:20162779026
        • commentnss-util is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364018
      • AND
        • commentnss-pkcs11-devel is earlier than 0:3.21.3-2.el7_3
          ovaloval:com.redhat.rhsa:tst:20162779027
        • commentnss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364006
      • AND
        • commentnss-devel is earlier than 0:3.21.3-2.el7_3
          ovaloval:com.redhat.rhsa:tst:20162779028
        • commentnss-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364014
      • AND
        • commentnss-tools is earlier than 0:3.21.3-2.el7_3
          ovaloval:com.redhat.rhsa:tst:20162779029
        • commentnss-tools is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364012
      • AND
        • commentnss-sysinit is earlier than 0:3.21.3-2.el7_3
          ovaloval:com.redhat.rhsa:tst:20162779030
        • commentnss-sysinit is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364008
      • AND
        • commentnss is earlier than 0:3.21.3-2.el7_3
          ovaloval:com.redhat.rhsa:tst:20162779031
        • commentnss is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20150364010
rhsa
idRHSA-2016:2779
released2016-11-16
severityModerate
titleRHSA-2016:2779: nss and nss-util security update (Moderate)
rpms
  • nss-0:3.21.3-2.el5_11
  • nss-0:3.21.3-2.el6_8
  • nss-0:3.21.3-2.el7_3
  • nss-debuginfo-0:3.21.3-2.el5_11
  • nss-debuginfo-0:3.21.3-2.el6_8
  • nss-debuginfo-0:3.21.3-2.el7_3
  • nss-devel-0:3.21.3-2.el5_11
  • nss-devel-0:3.21.3-2.el6_8
  • nss-devel-0:3.21.3-2.el7_3
  • nss-pkcs11-devel-0:3.21.3-2.el5_11
  • nss-pkcs11-devel-0:3.21.3-2.el6_8
  • nss-pkcs11-devel-0:3.21.3-2.el7_3
  • nss-sysinit-0:3.21.3-2.el6_8
  • nss-sysinit-0:3.21.3-2.el7_3
  • nss-tools-0:3.21.3-2.el5_11
  • nss-tools-0:3.21.3-2.el6_8
  • nss-tools-0:3.21.3-2.el7_3
  • nss-util-0:3.21.3-1.1.el7_3
  • nss-util-0:3.21.3-1.el6_8
  • nss-util-debuginfo-0:3.21.3-1.1.el7_3
  • nss-util-debuginfo-0:3.21.3-1.el6_8
  • nss-util-devel-0:3.21.3-1.1.el7_3
  • nss-util-devel-0:3.21.3-1.el6_8