Vulnerabilities > CVE-2018-12384 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

mozilla

CWE-335

nessus

NVD

Published: 2019-04-29

Updated: 2020-08-24

Summary

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Network Security Services - Mozilla Network Security Services 3.1 Mozilla Network Security Services 3.1.1 Mozilla Network Security Services 3.2 Mozilla Network Security Services 3.2.1 Mozilla Network Security Services 3.3 Mozilla Network Security Services 3.3.1 Mozilla Network Security Services 3.3.2 Mozilla Network Security Services 3.4 Mozilla Network Security Services 3.4.1 Mozilla Network Security Services 3.4.2 Mozilla Network Security Services 3.4.3 Mozilla Network Security Services 3.5 Mozilla Network Security Services 3.6 Mozilla Network Security Services 3.6.1 Mozilla Network Security Services 3.7 Mozilla Network Security Services 3.7.1 Mozilla Network Security Services 3.7.2 Mozilla Network Security Services 3.7.3 Mozilla Network Security Services 3.7.5 Mozilla Network Security Services 3.7.7 Mozilla Network Security Services 3.8 Mozilla Network Security Services 3.9 Mozilla Network Security Services 3.9.1 Mozilla Network Security Services 3.9.2 Mozilla Network Security Services 3.9.3 Mozilla Network Security Services 3.9.4 Mozilla Network Security Services 3.9.5 Mozilla Network Security Services 3.10 Mozilla Network Security Services 3.10.1 Mozilla Network Security Services 3.10.2 Mozilla Network Security Services 3.11 Mozilla Network Security Services 3.11.1 Mozilla Network Security Services 3.11.2 Mozilla Network Security Services 3.11.3 Mozilla Network Security Services 3.11.4 Mozilla Network Security Services 3.11.5 Mozilla Network Security Services 3.11.6 Mozilla Network Security Services 3.11.7 Mozilla Network Security Services 3.11.8 Mozilla Network Security Services 3.11.9 Mozilla Network Security Services 3.11.10 Mozilla Network Security Services 3.12 Mozilla Network Security Services 3.12.1 Mozilla Network Security Services 3.12.2 Mozilla Network Security Services 3.12.3 Mozilla Network Security Services 3.12.3.1 Mozilla Network Security Services 3.12.3.2 Mozilla Network Security Services 3.12.4 Mozilla Network Security Services 3.12.5 Mozilla Network Security Services 3.12.6 Mozilla Network Security Services 3.12.7 Mozilla Network Security Services 3.12.8 Mozilla Network Security Services 3.12.9 Mozilla Network Security Services 3.12.10 Mozilla Network Security Services 3.12.11 Mozilla Network Security Services 3.14 Mozilla Network Security Services 3.14.1 Mozilla Network Security Services 3.14.2 Mozilla Network Security Services 3.14.3 Mozilla Network Security Services 3.14.4 Mozilla Network Security Services 3.14.5 Mozilla Network Security Services 3.15 Mozilla Network Security Services 3.15.1 Mozilla Network Security Services 3.15.2 Mozilla Network Security Services 3.15.3 Mozilla Network Security Services 3.15.3.1 Mozilla Network Security Services 3.15.4 Mozilla Network Security Services 3.15.5 Mozilla Network Security Services 3.16 Mozilla Network Security Services 3.16.1 Mozilla Network Security Services 3.16.2 Mozilla Network Security Services 3.16.2.1 Mozilla Network Security Services 3.16.2.2 Mozilla Network Security Services 3.16.2.3 Mozilla Network Security Services 3.16.3 Mozilla Network Security Services 3.16.4 Mozilla Network Security Services 3.16.5 Mozilla Network Security Services 3.16.6 Mozilla Network Security Services 3.17 Mozilla Network Security Services 3.17.1 Mozilla Network Security Services 3.17.2 Mozilla Network Security Services 3.17.3 Mozilla Network Security Services 3.17.4 Mozilla Network Security Services 3.18 Mozilla Network Security Services 3.18.1 Mozilla Network Security Services 3.19 Mozilla Network Security Services 3.19.1 Mozilla Network Security Services 3.19.2 Mozilla Network Security Services 3.19.2.0 Mozilla Network Security Services 3.19.3 Mozilla Network Security Services 3.20 Mozilla Network Security Services 3.20.0 Mozilla Network Security Services 3.20.1 Mozilla Network Security Services 3.21 Mozilla Network Security Services 3.21.1 Mozilla Network Security Services 3.21.2 Mozilla Network Security Services 3.21.3 Mozilla Network Security Services 3.21.4 Mozilla Network Security Services 3.22 Mozilla Network Security Services 3.22.1 Mozilla Network Security Services 3.22.2 Mozilla Network Security Services 3.23 Mozilla Network Security Services 3.24 Mozilla Network Security Services 3.25 Mozilla Network Security Services 3.25.0 Mozilla Network Security Services 3.25.1 Mozilla Network Security Services 3.26 Mozilla Network Security Services 3.26.0 Mozilla Network Security Services 3.26.2 Mozilla Network Security Services 3.27 Mozilla Network Security Services 3.27.0 Mozilla Network Security Services 3.27.1 Mozilla Network Security Services 3.27.2 Mozilla Network Security Services 3.28 Mozilla Network Security Services 3.28.0 Mozilla Network Security Services 3.28.1 Mozilla Network Security Services 3.28.2 Mozilla Network Security Services 3.28.3 Mozilla Network Security Services 3.28.4 Mozilla Network Security Services 3.28.5 Mozilla Network Security Services 3.29 Mozilla Network Security Services 3.29.1 Mozilla Network Security Services 3.29.2 Mozilla Network Security Services 3.29.3 Mozilla Network Security Services 3.29.5 Mozilla Network Security Services 3.30 Mozilla Network Security Services 3.30.1 Mozilla Network Security Services 3.30.2 Mozilla Network Security Services 3.31 Mozilla Network Security Services 3.31.1 Mozilla Network Security Services 3.32 Mozilla Network Security Services 3.33 Mozilla Network Security Services 3.34 Mozilla Network Security Services 3.34.1 Mozilla Network Security Services 3.35 Mozilla Network Security Services 3.36 Mozilla Network Security Services 3.36.1 Mozilla Network Security Services 3.36.2 Mozilla Network Security Services 3.36.4 Mozilla Network Security Services 3.36.7 Mozilla Network Security Services 3.37 Mozilla Network Security Services 3.37.1 Mozilla Network Security Services 3.37.3 Mozilla Network Security Services 3.38	145

Common Weakness Enumeration (CWE)

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-1540.NASL
description	This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069)
last seen	2020-06-05
modified	2018-12-14
plugin id	119670
published	2018-12-14
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119670
title	openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-1540. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(119670); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-12384", "CVE-2018-12404"); script_name(english:"openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)"); script_summary(english:"Check for the openSUSE-2018-1540 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106873" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119069" ); script_set_attribute( attribute:"solution", value:"Update the affected mozilla-nss packages." ); script_set_attribute(attribute:"risk_factor", value:"Medium"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0\|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debugsource-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-devel-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libfreebl3-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libfreebl3-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsoftokn3-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsoftokn3-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-certs-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-certs-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-debugsource-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-devel-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-sysinit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-sysinit-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-tools-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-tools-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.36.6-54.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreebl3 / libfreebl3-debuginfo / libsoftokn3 / etc"); }

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2018-2768.NASL
description	From Red Hat Security Advisory 2018:2768 : An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	117768
published	2018-09-27
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117768
title	Oracle Linux 7 : nss (ELSA-2018-2768)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:2768 and # Oracle Linux Security Advisory ELSA-2018-2768 respectively. # include("compat.inc"); if (description) { script_id(117768); script_version("1.3"); script_cvs_date("Date: 2019/09/27 13:00:38"); script_cve_id("CVE-2018-12384"); script_xref(name:"RHSA", value:"2018:2768"); script_name(english:"Oracle Linux 7 : nss (ELSA-2018-2768)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2018:2768 : An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2018-September/008049.html" ); script_set_attribute(attribute:"solution", value:"Update the affected nss packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-devel-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-sysinit-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-tools-3.36.0-7.el7_5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools"); }

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20180925_NSS_ON_SL7_X.NASL
description	Security Fix(es) : - nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)
last seen	2020-03-18
modified	2018-09-27
plugin id	117788
published	2018-09-27
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117788
title	Scientific Linux Security Update : nss on SL7.x x86_64 (20180925)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(117788); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2018-12384"); script_name(english:"Scientific Linux Security Update : nss on SL7.x x86_64 (20180925)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1809&L=scientific-linux-errata&F=&S=&P=3288 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7386605e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-debuginfo-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-devel-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-sysinit-3.36.0-7.el7_5")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-tools-3.36.0-7.el7_5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc"); }

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0033_NSS.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side- channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. (CVE-2013-1739) - A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) - Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741) - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605) - The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127200
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127200
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0033. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127200); script_version("1.2"); script_cvs_date("Date: 2019/10/17 14:31:04"); script_cve_id( "CVE-2013-1620", "CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-5605", "CVE-2013-5606", "CVE-2018-12384" ); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side- channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. (CVE-2013-1739) - A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) - Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741) - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605) - The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0033"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL nss packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5605"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) \|\| release !~ "^CGSL (MAIN\|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.04" && release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.04": [ "nss-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-debuginfo-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-sysinit-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62", "nss-tools-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62" ], "CGSL MAIN 5.04": [ "nss-3.36.0-7.el7_5.cgslv5", "nss-debuginfo-3.36.0-7.el7_5.cgslv5", "nss-devel-3.36.0-7.el7_5.cgslv5", "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5", "nss-sysinit-3.36.0-7.el7_5.cgslv5", "nss-tools-3.36.0-7.el7_5.cgslv5" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-4A21A8CA59.NASL
description	Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-09-18
plugin id	117532
published	2018-09-18
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117532
title	Fedora 27 : nspr / nss / nss-softokn / nss-util (2018-4a21a8ca59)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-4a21a8ca59. # include("compat.inc"); if (description) { script_id(117532); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-12384"); script_xref(name:"FEDORA", value:"2018-4a21a8ca59"); script_name(english:"Fedora 27 : nspr / nss / nss-softokn / nss-util (2018-4a21a8ca59)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a21a8ca59" ); # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6a93f09e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-util"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"nspr-4.20.0-1.fc27")) flag++; if (rpm_check(release:"FC27", reference:"nss-3.39.0-1.0.fc27")) flag++; if (rpm_check(release:"FC27", reference:"nss-softokn-3.39.0-1.0.fc27")) flag++; if (rpm_check(release:"FC27", reference:"nss-util-3.39.0-1.0.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nss / nss-softokn / nss-util"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-C72D2D89EC.NASL
description	Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120778
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120778
title	Fedora 29 : nspr / nss / nss-softokn / nss-util (2018-c72d2d89ec)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-c72d2d89ec. # include("compat.inc"); if (description) { script_id(120778); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-12384"); script_xref(name:"FEDORA", value:"2018-c72d2d89ec"); script_name(english:"Fedora 29 : nspr / nss / nss-softokn / nss-util (2018-c72d2d89ec)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c72d2d89ec" ); # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6a93f09e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nspr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-util"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^29([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC29", reference:"nspr-4.20.0-1.fc29")) flag++; if (rpm_check(release:"FC29", reference:"nss-3.39.0-2.fc29")) flag++; if (rpm_check(release:"FC29", reference:"nss-softokn-3.39.0-2.fc29")) flag++; if (rpm_check(release:"FC29", reference:"nss-util-3.39.0-2.fc29")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nss / nss-softokn / nss-util"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2018-2898.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	118022
published	2018-10-10
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118022
title	CentOS 6 : nss (CESA-2018:2898)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:2898 and # CentOS Errata and Security Advisory 2018:2898 respectively. # include("compat.inc"); if (description) { script_id(118022); script_version("1.5"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2018-12384"); script_xref(name:"RHSA", value:"2018:2898"); script_name(english:"CentOS 6 : nss (CESA-2018:2898)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue." ); # https://lists.centos.org/pipermail/centos-announce/2018-October/023061.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b07ac0f3" ); script_set_attribute(attribute:"solution", value:"Update the affected nss packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12384"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) \|\| "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"nss-3.36.0-9.el6_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-devel-3.36.0-9.el6_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-pkcs11-devel-3.36.0-9.el6_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-sysinit-3.36.0-9.el6_10")) flag++; if (rpm_check(release:"CentOS-6", reference:"nss-tools-3.36.0-9.el6_10")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools"); }

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2018-1095.NASL
description	A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.(CVE-2018-12384)
last seen	2020-06-01
modified	2020-06-02
plugin id	118402
published	2018-10-26
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118402
title	Amazon Linux 2 : nss (ALAS-2018-1095)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2018-1095. # include("compat.inc"); if (description) { script_id(118402); script_version("1.2"); script_cvs_date("Date: 2019/05/06 10:10:18"); script_cve_id("CVE-2018-12384"); script_xref(name:"ALAS", value:"2018-1095"); script_name(english:"Amazon Linux 2 : nss (ALAS-2018-1095)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.(CVE-2018-12384)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1095.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update nss' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"nss-3.36.0-7.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-debuginfo-3.36.0-7.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-devel-3.36.0-7.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-pkcs11-devel-3.36.0-7.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-sysinit-3.36.0-7.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-tools-3.36.0-7.amzn2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc"); }

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-998.NASL
description	This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069)
last seen	2020-05-31
modified	2019-03-27
plugin id	123408
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123408
title	openSUSE Security Update : mozilla-nss (openSUSE-2019-998)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-4235-1.NASL
description	This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2019-01-02
plugin id	120193
published	2019-01-02
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120193
title	SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)

NASL family	Virtuozzo Local Security Checks
NASL id	VIRTUOZZO_VZLSA-2018-2898.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	119086
published	2018-11-21
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119086
title	Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2018-2898)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-1618.NASL
description	This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-05
modified	2018-12-31
plugin id	119948
published	2018-12-31
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119948
title	openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1366.NASL
description	According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-11-07
plugin id	118760
published	2018-11-07
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118760
title	EulerOS 2.0 SP3 : nss (EulerOS-SA-2018-1366)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1358.NASL
description	According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-11-06
plugin id	118741
published	2018-11-06
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118741
title	EulerOS 2.0 SP2 : nss (EulerOS-SA-2018-1358)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0131_NSS.NASL
description	The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a vulnerability: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127386
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127386
title	NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0131)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1169.NASL
description	According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.i1/4^CVE-2018-12384i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-19
modified	2019-04-09
plugin id	123855
published	2019-04-09
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123855
title	EulerOS Virtualization 2.5.3 : nss (EulerOS-SA-2019-1169)

NASL family	Junos Local Security Checks
NASL id	JUNIPER_SPACE_JSA10917_184R1.NASL
description	According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
last seen	2020-06-01
modified	2020-06-02
plugin id	121068
published	2019-01-10
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121068
title	Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2018-2768.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	117832
published	2018-10-01
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117832
title	CentOS 7 : nss (CESA-2018:2768)

NASL family	OracleVM Local Security Checks
NASL id	ORACLEVM_OVMSA-2018-0264.NASL
description	The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed - Backport upstream fix for (CVE-2018-12384) - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h - rebuild - Keep legacy code signing trust flags for backwards compatibility - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running - Ignore tests which only works with newer nss-softokn - Use the correct tarball of NSS 3.36 release - Ignore EncryptDeriveTest which only works with newer nss-softokn - Don
last seen	2020-06-01
modified	2020-06-02
plugin id	118051
published	2018-10-11
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118051
title	OracleVM 3.3 / 3.4 : nss (OVMSA-2018-0264)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20181009_NSS_ON_SL6_X.NASL
description	Security Fix(es) : - nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)
last seen	2020-03-18
modified	2018-10-11
plugin id	118058
published	2018-10-11
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118058
title	Scientific Linux Security Update : nss on SL6.x i386/x86_64 (20181009)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2018-2898.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	118030
published	2018-10-10
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118030
title	RHEL 6 : nss (RHSA-2018:2898)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-1A7A5C54C2.NASL
description	Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120262
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120262
title	Fedora 28 : nspr / nss / nss-softokn / nss-util (2018-1a7a5c54c2)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-4236-1.NASL
description	This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-26
modified	2018-12-24
plugin id	119871
published	2018-12-24
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119871
title	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3850-1.NASL
description	Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-18
modified	2019-01-10
plugin id	121062
published	2019-01-10
reporter	Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121062
title	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1095.NASL
description	A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.(CVE-2018-12384)
last seen	2020-06-01
modified	2020-06-02
plugin id	118362
published	2018-10-25
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118362
title	Amazon Linux AMI : nss (ALAS-2018-1095)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2019-1397.NASL
description	According to the versions of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	124900
published	2019-05-14
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124900
title	EulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2018-2768.NASL
description	An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	117778
published	2018-09-27
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117778
title	RHEL 7 : nss (RHSA-2018:2768)

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2018-2898.NASL
description	From Red Hat Security Advisory 2018:2898 : An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	118027
published	2018-10-10
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118027
title	Oracle Linux 6 : nss (ELSA-2018-2898)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-1039.NASL
description	This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	123164
published	2019-03-27
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123164
title	openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)

Redhat

advisories

bugzilla

id	1622089
title	CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment nss-pkcs11-devel is earlier than 0:3.36.0-7.el7_5
oval oval:com.redhat.rhsa:tst:20182768001
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006

AND
comment nss-devel is earlier than 0:3.36.0-7.el7_5
oval oval:com.redhat.rhsa:tst:20182768003
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014
AND
comment nss-sysinit is earlier than 0:3.36.0-7.el7_5
oval oval:com.redhat.rhsa:tst:20182768005
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008
AND
comment nss-tools is earlier than 0:3.36.0-7.el7_5
oval oval:com.redhat.rhsa:tst:20182768007
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012
AND
comment nss is earlier than 0:3.36.0-7.el7_5
oval oval:com.redhat.rhsa:tst:20182768009
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010

rhsa

id	RHSA-2018:2768
released	2018-09-25
severity	Moderate
title	RHSA-2018:2768: nss security update (Moderate)

bugzilla

id	1622089
title	CVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND

comment nss-pkcs11-devel is earlier than 0:3.36.0-9.el6_10
oval oval:com.redhat.rhsa:tst:20182898001
comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364006

AND
comment nss is earlier than 0:3.36.0-9.el6_10
oval oval:com.redhat.rhsa:tst:20182898003
comment nss is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364010
AND
comment nss-sysinit is earlier than 0:3.36.0-9.el6_10
oval oval:com.redhat.rhsa:tst:20182898005
comment nss-sysinit is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364008
AND
comment nss-devel is earlier than 0:3.36.0-9.el6_10
oval oval:com.redhat.rhsa:tst:20182898007
comment nss-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364014
AND
comment nss-tools is earlier than 0:3.36.0-9.el6_10
oval oval:com.redhat.rhsa:tst:20182898009
comment nss-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20150364012

rhsa

id	RHSA-2018:2898
released	2018-10-09
severity	Moderate
title	RHSA-2018:2898: nss security update (Moderate)

rpms

nss-0:3.36.0-7.el7_5
nss-debuginfo-0:3.36.0-7.el7_5
nss-devel-0:3.36.0-7.el7_5
nss-pkcs11-devel-0:3.36.0-7.el7_5
nss-sysinit-0:3.36.0-7.el7_5
nss-tools-0:3.36.0-7.el7_5
nss-0:3.36.0-9.el6_10
nss-debuginfo-0:3.36.0-9.el6_10
nss-devel-0:3.36.0-9.el6_10
nss-pkcs11-devel-0:3.36.0-9.el6_10
nss-sysinit-0:3.36.0-9.el6_10
nss-tools-0:3.36.0-9.el6_10

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References