CVE-2018-12384 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, mozilla, CWE-335, nessus

Summary

When handling an SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.
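The symptom described above can be checked in captured handshakes by reading the 32-byte `random` field of each ServerHello. The following is an added example, not code from Mozilla, Tenable or this page: the function names and the sample records are constructed for illustration, each input is assumed to be one complete, unfragmented TLS record, and the repeated-random check goes beyond the all-zero case the page describes.

```python
"""Flag TLS ServerHello records whose 32-byte random is not fresh."""
import struct

CONTENT_HANDSHAKE = 0x16   # TLS record content type: handshake
MSG_SERVER_HELLO = 0x02    # handshake message type: ServerHello
RANDOM_LEN = 32            # ServerHello.random is always 32 bytes


class ParseError(ValueError):
    """Raised when the bytes are not a complete ServerHello record."""


def server_hello_random(record: bytes) -> bytes:
    """Return ServerHello.random from one complete TLS record."""
    if len(record) < 5:
        raise ParseError("short record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != CONTENT_HANDSHAKE:
        raise ParseError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4:
        raise ParseError("truncated record")
    if body[0] != MSG_SERVER_HELLO:
        raise ParseError("not a ServerHello")
    msg_len = int.from_bytes(body[1:4], "big")
    msg = body[4:4 + msg_len]
    # Message layout: 2-byte server_version, then the 32-byte random.
    if len(msg) < 2 + RANDOM_LEN:
        raise ParseError("ServerHello too short")
    return msg[2:2 + RANDOM_LEN]


def audit(records):
    """Return (index, finding) for every ServerHello with a suspect random."""
    findings = []
    first_seen = {}
    for i, rec in enumerate(records):
        try:
            rnd = server_hello_random(rec)
        except ParseError:
            continue  # alerts, application data, other handshake messages
        if rnd == bytes(RANDOM_LEN):
            findings.append((i, "all-zero random"))
        elif rnd in first_seen:
            findings.append((i, f"random repeats record {first_seen[rnd]}"))
        else:
            first_seen[rnd] = i
    return findings


def build_server_hello(rnd: bytes) -> bytes:
    """Build a minimal TLS 1.2 ServerHello record (constructed test input)."""
    msg = b"\x03\x03" + rnd + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = bytes([MSG_SERVER_HELLO]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


# Constructed samples: an all-zero random, a non-zero random sent twice,
# and a TLS alert record that the audit must skip.
SAMPLES = [
    build_server_hello(bytes(RANDOM_LEN)),
    build_server_hello(bytes(range(1, 33))),
    build_server_hello(bytes(range(1, 33))),
    b"\x15\x03\x03\x00\x02\x02\x28",
]

if __name__ == "__main__":
    for index, finding in audit(SAMPLES):
        print(f"record {index}: {finding}")
```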

Vulnerable Configurations

Part         Description  Count
Application  Mozilla      144

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-1540.NASL
    description: This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069)
    last seen: 2020-06-05
    modified: 2018-12-14
    plugin id: 119670
    published: 2018-12-14
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119670
    title: openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1540.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119670);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-12384", "CVE-2018-12404");
    
      script_name(english:"openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)");
      script_summary(english:"Check for the openSUSE-2018-1540 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for mozilla-nss to version 3.36.6 fixes the following
    issues :
    
    Security issues fixed :
    
      - CVE-2018-12384: NSS responded to an SSLv2-compatible
        ClientHello with a ServerHello that had an all-zero
        random (bmo#1483128, boo#1106873)
    
      - CVE-2018-12404: Cache side-channel variant of the
        Bleichenbacher attack (bmo#1485864, boo#1119069)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106873"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119069"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mozilla-nss packages."
      );
      script_set_attribute(attribute:"risk_factor", value:"Medium");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debugsource-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-devel-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libfreebl3-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libfreebl3-debuginfo-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsoftokn3-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libsoftokn3-debuginfo-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-certs-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-certs-debuginfo-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-debuginfo-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-debugsource-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-devel-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-sysinit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-sysinit-debuginfo-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-tools-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-tools-debuginfo-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.36.6-54.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.36.6-54.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreebl3 / libfreebl3-debuginfo / libsoftokn3 / etc");
    }
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2018-2768.NASL
    description: From Red Hat Security Advisory 2018:2768 : An update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 117768
    published: 2018-09-27
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117768
    title: Oracle Linux 7 : nss (ELSA-2018-2768)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2018:2768 and 
    # Oracle Linux Security Advisory ELSA-2018-2768 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117768);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/27 13:00:38");
    
      script_cve_id("CVE-2018-12384");
      script_xref(name:"RHSA", value:"2018:2768");
    
      script_name(english:"Oracle Linux 7 : nss (ELSA-2018-2768)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2018:2768 :
    
    An update for nss is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Network Security Services (NSS) is a set of libraries designed to
    support the cross-platform development of security-enabled client and
    server applications.
    
    Security Fix(es) :
    
    * nss: ServerHello.random is all zeros when handling a v2-compatible
    ClientHello (CVE-2018-12384)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank the Mozilla project for reporting this
    issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2018-September/008049.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nss packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-devel-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-sysinit-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nss-tools-3.36.0-7.el7_5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20180925_NSS_ON_SL7_X.NASL
    description: Security Fix(es) : - nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)
    last seen: 2020-03-18
    modified: 2018-09-27
    plugin id: 117788
    published: 2018-09-27
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117788
    title: Scientific Linux Security Update : nss on SL7.x x86_64 (20180925)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117788);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-12384");
    
      script_name(english:"Scientific Linux Security Update : nss on SL7.x x86_64 (20180925)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - nss: ServerHello.random is all zeros when handling a
        v2-compatible ClientHello (CVE-2018-12384)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1809&L=scientific-linux-errata&F=&S=&P=3288
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7386605e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-debuginfo-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-devel-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-sysinit-3.36.0-7.el7_5")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-tools-3.36.0-7.el7_5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc");
    }
    
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0033_NSS.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. (CVE-2013-1620) - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. (CVE-2013-1739) - A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server. (CVE-2013-1740) - Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. (CVE-2013-1741) - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. (CVE-2013-5605) - The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. (CVE-2013-5606) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127200
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127200
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0033. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127200);
      script_version("1.2");
      script_cvs_date("Date: 2019/10/17 14:31:04");
    
      script_cve_id(
        "CVE-2013-1620",
        "CVE-2013-1739",
        "CVE-2013-1740",
        "CVE-2013-1741",
        "CVE-2013-5605",
        "CVE-2013-5606",
        "CVE-2018-12384"
      );
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0033)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by
    multiple vulnerabilities:
    
      - A flaw was found in the way NSS responded to an
        SSLv2-compatible ClientHello with a ServerHello that had
        an all-zero random. A man-in-the-middle attacker could
        use this flaw in a passive replay attack.
        (CVE-2018-12384)
    
      - The TLS implementation in Mozilla Network Security
        Services (NSS) does not properly consider timing side-
        channel attacks on a noncompliant MAC check operation
        during the processing of malformed CBC padding, which
        allows remote attackers to conduct distinguishing
        attacks and plaintext-recovery attacks via statistical
        analysis of timing data for crafted packets, a related
        issue to CVE-2013-0169. (CVE-2013-1620)
    
      - Mozilla Network Security Services (NSS) before 3.15.2
        does not ensure that data structures are initialized
        before read operations, which allows remote attackers to
        cause a denial of service or possibly have unspecified
        other impact via vectors that trigger a decryption
        failure. (CVE-2013-1739)
    
      - A flaw was found in the way TLS False Start was
        implemented in NSS. An attacker could use this flaw to
        potentially return unencrypted information from the
        server. (CVE-2013-1740)
    
      - Integer overflow in Mozilla Network Security Services
        (NSS) 3.15 before 3.15.3 allows remote attackers to
        cause a denial of service or possibly have unspecified
        other impact via a large size value. (CVE-2013-1741)
    
      - Mozilla Network Security Services (NSS) 3.14 before
        3.14.5 and 3.15 before 3.15.3 allows remote attackers to
        cause a denial of service or possibly have unspecified
        other impact via invalid handshake packets.
        (CVE-2013-5605)
    
      - The CERT_VerifyCert function in lib/certhigh/certvfy.c
        in Mozilla Network Security Services (NSS) 3.15 before
        3.15.3 provides an unexpected return value for an
        incompatible key-usage certificate when the
        CERTVerifyLog argument is valid, which might allow
        remote attackers to bypass intended access restrictions
        via a crafted certificate. (CVE-2013-5606)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0033");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL nss packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5605");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "nss-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
        "nss-debuginfo-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
        "nss-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
        "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
        "nss-sysinit-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62",
        "nss-tools-3.36.0-7.el7_5.cgslv5lite.0.1.gadf9d62"
      ],
      "CGSL MAIN 5.04": [
        "nss-3.36.0-7.el7_5.cgslv5",
        "nss-debuginfo-3.36.0-7.el7_5.cgslv5",
        "nss-devel-3.36.0-7.el7_5.cgslv5",
        "nss-pkcs11-devel-3.36.0-7.el7_5.cgslv5",
        "nss-sysinit-3.36.0-7.el7_5.cgslv5",
        "nss-tools-3.36.0-7.el7_5.cgslv5"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-4A21A8CA59.NASL
    description: Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2018-09-18
    plugin id: 117532
    published: 2018-09-18
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117532
    title: Fedora 27 : nspr / nss / nss-softokn / nss-util (2018-4a21a8ca59)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-4a21a8ca59.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117532);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-12384");
      script_xref(name:"FEDORA", value:"2018-4a21a8ca59");
    
      script_name(english:"Fedora 27 : nspr / nss / nss-softokn / nss-util (2018-4a21a8ca59)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39.
    
    For details about new functionality and a list of bugs fixed in this
    release please see the upstream release notes
    
    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39
    _release_notes
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a21a8ca59"
      );
      # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6a93f09e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-util");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"nspr-4.20.0-1.fc27")) flag++;
    if (rpm_check(release:"FC27", reference:"nss-3.39.0-1.0.fc27")) flag++;
    if (rpm_check(release:"FC27", reference:"nss-softokn-3.39.0-1.0.fc27")) flag++;
    if (rpm_check(release:"FC27", reference:"nss-util-3.39.0-1.0.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nss / nss-softokn / nss-util");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-C72D2D89EC.NASL
    description: Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120778
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120778
    title: Fedora 29 : nspr / nss / nss-softokn / nss-util (2018-c72d2d89ec)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-c72d2d89ec.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120778);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-12384");
      script_xref(name:"FEDORA", value:"2018-c72d2d89ec");
    
      script_name(english:"Fedora 29 : nspr / nss / nss-softokn / nss-util (2018-c72d2d89ec)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39.
    
    For details about new functionality and a list of bugs fixed in this
    release please see the upstream release notes
    
    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39
    _release_notes
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c72d2d89ec"
      );
      # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6a93f09e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss-util");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"nspr-4.20.0-1.fc29")) flag++;
    if (rpm_check(release:"FC29", reference:"nss-3.39.0-2.fc29")) flag++;
    if (rpm_check(release:"FC29", reference:"nss-softokn-3.39.0-2.fc29")) flag++;
    if (rpm_check(release:"FC29", reference:"nss-util-3.39.0-2.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nss / nss-softokn / nss-util");
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2018-2898.NASL
    description: An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118022
    published: 2018-10-10
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118022
    title: CentOS 6 : nss (CESA-2018:2898)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2898 and 
    # CentOS Errata and Security Advisory 2018:2898 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118022);
      script_version("1.5");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-12384");
      script_xref(name:"RHSA", value:"2018:2898");
    
      script_name(english:"CentOS 6 : nss (CESA-2018:2898)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for nss is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Network Security Services (NSS) is a set of libraries designed to
    support the cross-platform development of security-enabled client and
    server applications.
    
    Security Fix(es) :
    
    * nss: ServerHello.random is all zeros when handling a v2-compatible
    ClientHello (CVE-2018-12384)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank the Mozilla project for reporting this
    issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2018-October/023061.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b07ac0f3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nss packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12384");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nss-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"nss-3.36.0-9.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"nss-devel-3.36.0-9.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"nss-pkcs11-devel-3.36.0-9.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"nss-sysinit-3.36.0-9.el6_10")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"nss-tools-3.36.0-9.el6_10")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2018-1095.NASL
    description: A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118402
    published: 2018-10-26
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118402
    title: Amazon Linux 2 : nss (ALAS-2018-1095)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2018-1095.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118402);
      script_version("1.2");
      script_cvs_date("Date: 2019/05/06 10:10:18");
    
      script_cve_id("CVE-2018-12384");
      script_xref(name:"ALAS", value:"2018-1095");
    
      script_name(english:"Amazon Linux 2 : nss (ALAS-2018-1095)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was found in the way NSS responded to an SSLv2-compatible
    ClientHello with a ServerHello that had an all-zero random. A
    man-in-the-middle attacker could use this flaw in a passive replay
    attack.(CVE-2018-12384)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1095.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update nss' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"nss-3.36.0-7.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-debuginfo-3.36.0-7.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-devel-3.36.0-7.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-pkcs11-devel-3.36.0-7.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-sysinit-3.36.0-7.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-tools-3.36.0-7.amzn2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-998.NASL
    description: This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069)
    last seen: 2020-05-31
    modified: 2019-03-27
    plugin id: 123408
    published: 2019-03-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123408
    title: openSUSE Security Update : mozilla-nss (openSUSE-2019-998)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-4235-1.NASL
    description: This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-18
    modified: 2019-01-02
    plugin id: 120193
    published: 2019-01-02
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120193
    title: SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2018-2898.NASL
    description: An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119086
    published: 2018-11-21
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119086
    title: Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2018-2898)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-1618.NASL
    description: This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-05
    modified: 2018-12-31
    plugin id: 119948
    published: 2018-12-31
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119948
    title: openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1366.NASL
    description: According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2018-11-07
    plugin id: 118760
    published: 2018-11-07
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118760
    titleEulerOS 2.0 SP3 : nss (EulerOS-SA-2018-1366)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1358.NASL
    descriptionAccording to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-11-06
    plugin id118741
    published2018-11-06
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118741
    titleEulerOS 2.0 SP2 : nss (EulerOS-SA-2018-1358)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0131_NSS.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a vulnerability: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127386
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127386
    titleNewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0131)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1169.NASL
    descriptionAccording to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123855
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123855
    titleEulerOS Virtualization 2.5.3 : nss (EulerOS-SA-2019-1169)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_184R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exists in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id121068
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121068
    titleJuniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2768.NASL
    descriptionAn update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id117832
    published2018-10-01
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117832
    titleCentOS 7 : nss (CESA-2018:2768)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0264.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed - Backport upstream fix for (CVE-2018-12384) - Remove nss-lockcert-api-change.patch, which turned out to be a mistake (the symbol was not exported from libnss) - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back in cert.h - rebuild - Keep legacy code signing trust flags for backwards compatibility - Decrease the iteration count of PKCS#12 for compatibility with Windows - Fix deadlock when a token is re-inserted while a client process is running - Ignore tests which only work with newer nss-softokn - Use the correct tarball of NSS 3.36 release - Ignore EncryptDeriveTest which only works with newer nss-softokn - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id118051
    published2018-10-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118051
    titleOracleVM 3.3 / 3.4 : nss (OVMSA-2018-0264)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181009_NSS_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)
    last seen2020-03-18
    modified2018-10-11
    plugin id118058
    published2018-10-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118058
    titleScientific Linux Security Update : nss on SL6.x i386/x86_64 (20181009)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2898.NASL
    descriptionAn update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id118030
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118030
    titleRHEL 6 : nss (RHSA-2018:2898)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-1A7A5C54C2.NASL
    descriptionUpdates the nss family of packages to upstream NSPR 4.20 and NSS 3.39. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120262
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120262
    titleFedora 28 : nspr / nss / nss-softokn / nss-util (2018-1a7a5c54c2)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4236-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed an integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2018-12-24
    plugin id119871
    published2018-12-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119871
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3850-1.NASL
    descriptionKeegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-10
    plugin id121062
    published2019-01-10
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121062
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1095.NASL
    descriptionA flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384)
    last seen2020-06-01
    modified2020-06-02
    plugin id118362
    published2018-10-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118362
    titleAmazon Linux AMI : nss (ALAS-2018-1095)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1397.NASL
    descriptionAccording to the versions of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384) - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124900
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124900
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2768.NASL
    descriptionAn update for nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id117778
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117778
    titleRHEL 7 : nss (RHSA-2018:2768)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2898.NASL
    descriptionFrom Red Hat Security Advisory 2018:2898 : An update for nss is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Mozilla project for reporting this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id118027
    published2018-10-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118027
    titleOracle Linux 6 : nss (ELSA-2018-2898)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1039.NASL
    descriptionThis update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123164
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123164
    titleopenSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)

Redhat

advisories
  • bugzilla
    id1622089
    titleCVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentnss-pkcs11-devel is earlier than 0:3.36.0-7.el7_5
            ovaloval:com.redhat.rhsa:tst:20182768001
          • commentnss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364006
        • AND
          • commentnss-devel is earlier than 0:3.36.0-7.el7_5
            ovaloval:com.redhat.rhsa:tst:20182768003
          • commentnss-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364014
        • AND
          • commentnss-sysinit is earlier than 0:3.36.0-7.el7_5
            ovaloval:com.redhat.rhsa:tst:20182768005
          • commentnss-sysinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364008
        • AND
          • commentnss-tools is earlier than 0:3.36.0-7.el7_5
            ovaloval:com.redhat.rhsa:tst:20182768007
          • commentnss-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364012
        • AND
          • commentnss is earlier than 0:3.36.0-7.el7_5
            ovaloval:com.redhat.rhsa:tst:20182768009
          • commentnss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364010
    rhsa
    idRHSA-2018:2768
    released2018-09-25
    severityModerate
    titleRHSA-2018:2768: nss security update (Moderate)
  • bugzilla
    id1622089
    titleCVE-2018-12384 nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentnss-pkcs11-devel is earlier than 0:3.36.0-9.el6_10
            ovaloval:com.redhat.rhsa:tst:20182898001
          • commentnss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364006
        • AND
          • commentnss is earlier than 0:3.36.0-9.el6_10
            ovaloval:com.redhat.rhsa:tst:20182898003
          • commentnss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364010
        • AND
          • commentnss-sysinit is earlier than 0:3.36.0-9.el6_10
            ovaloval:com.redhat.rhsa:tst:20182898005
          • commentnss-sysinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364008
        • AND
          • commentnss-devel is earlier than 0:3.36.0-9.el6_10
            ovaloval:com.redhat.rhsa:tst:20182898007
          • commentnss-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364014
        • AND
          • commentnss-tools is earlier than 0:3.36.0-9.el6_10
            ovaloval:com.redhat.rhsa:tst:20182898009
          • commentnss-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364012
    rhsa
    idRHSA-2018:2898
    released2018-10-09
    severityModerate
    titleRHSA-2018:2898: nss security update (Moderate)
rpms
  • nss-0:3.36.0-7.el7_5
  • nss-debuginfo-0:3.36.0-7.el7_5
  • nss-devel-0:3.36.0-7.el7_5
  • nss-pkcs11-devel-0:3.36.0-7.el7_5
  • nss-sysinit-0:3.36.0-7.el7_5
  • nss-tools-0:3.36.0-7.el7_5
  • nss-0:3.36.0-9.el6_10
  • nss-debuginfo-0:3.36.0-9.el6_10
  • nss-devel-0:3.36.0-9.el6_10
  • nss-pkcs11-devel-0:3.36.0-9.el6_10
  • nss-sysinit-0:3.36.0-9.el6_10
  • nss-tools-0:3.36.0-9.el6_10