Vulnerabilities > CVE-2018-12404 - Unspecified vulnerability in Mozilla Network Security Services
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1540.NASL description This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069) last seen 2020-06-05 modified 2018-12-14 plugin id 119670 published 2018-12-14 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119670 title openSUSE Security Update : mozilla-nss (openSUSE-2018-1540) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-1540. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(119670); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-12384", "CVE-2018-12404"); script_name(english:"openSUSE Security Update : mozilla-nss (openSUSE-2018-1540)"); script_summary(english:"Check for the openSUSE-2018-1540 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069)" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1106873" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119069" ); script_set_attribute( attribute:"solution", value:"Update the affected mozilla-nss packages." ); script_set_attribute(attribute:"risk_factor", value:"Medium"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debugsource-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-devel-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-debuginfo-3.36.6-lp150.2.6.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libfreebl3-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libfreebl3-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsoftokn3-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libsoftokn3-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-certs-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-certs-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-debugsource-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-devel-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-sysinit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-sysinit-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-tools-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"mozilla-nss-tools-debuginfo-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libfreebl3-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libsoftokn3-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-certs-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-debuginfo-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.36.6-54.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-debuginfo-32bit-3.36.6-54.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreebl3 / libfreebl3-debuginfo / libsoftokn3 / etc"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0164_NSS.NASL description An update of the nss package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126182 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126182 title Photon OS 2.0: Nss PHSA-2019-2.0-0164 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-2.0-0164. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(126182); script_version("1.2"); script_cvs_date("Date: 2020/01/09"); script_cve_id("CVE-2018-12404"); script_bugtraq_id(107260); script_name(english:"Photon OS 2.0: Nss PHSA-2019-2.0-0164"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the nss package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-164.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5729"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nss"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"nss-3.44-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"nss-debuginfo-3.44-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"nss-devel-3.44-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"nss-libs-3.44-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-183.NASL description This update for mozilla-nss fixes the following issues : Security issues fixed : - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed : - Update to mozilla-nss 3.41.1 This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 122225 published 2019-02-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122225 title openSUSE Security Update : mozilla-nss (openSUSE-2019-183) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-183. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(122225); script_version("1.4"); script_cvs_date("Date: 2020/02/12"); script_cve_id("CVE-2018-12404"); script_name(english:"openSUSE Security Update : mozilla-nss (openSUSE-2019-183)"); script_summary(english:"Check for the openSUSE-2019-183 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for mozilla-nss fixes the following issues : Security issues fixed : - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed : - Update to mozilla-nss 3.41.1 This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1119069" ); script_set_attribute( attribute:"solution", value:"Update the affected mozilla-nss packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-hmac-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-hmac"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-hmac-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libfreebl3-hmac-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libsoftokn3-hmac-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-certs-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-debugsource-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-devel-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-sysinit-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"mozilla-nss-tools-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-32bit-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libfreebl3-hmac-32bit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-32bit-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libsoftokn3-hmac-32bit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-32bit-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.41.1-lp150.2.16.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-debuginfo-3.41.1-lp150.2.16.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libfreebl3 / libfreebl3-32bit / libfreebl3-32bit-debuginfo / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2018-2575EDF8D3.NASL description Updates the nss package to upstream NSS 3.40.1. This is a point release after 3.40, with a security fix for CVE-2018-12404. For details about other new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120299 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120299 title Fedora 28 : nss (2018-2575edf8d3) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-2575edf8d3. # include("compat.inc"); if (description) { script_id(120299); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-12404"); script_xref(name:"FEDORA", value:"2018-2575edf8d3"); script_name(english:"Fedora 28 : nss (2018-2575edf8d3)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updates the nss package to upstream NSS 3.40.1. This is a point release after 3.40, with a security fix for CVE-2018-12404. For details about other new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2575edf8d3" ); # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40_release_notes script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?df399827" ); script_set_attribute(attribute:"solution", value:"Update the affected nss package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:nss"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/02"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"nss-3.40.1-1.0.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-998.NASL description This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random (bmo#1483128, boo#1106873) - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bmo#1485864, boo#1119069) last seen 2020-05-31 modified 2019-03-27 plugin id 123408 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123408 title openSUSE Security Update : mozilla-nss (openSUSE-2019-998) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-4235-1.NASL description This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-02 plugin id 120193 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120193 title SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1618.NASL description This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-12-31 plugin id 119948 published 2018-12-31 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119948 title openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0193_NSS.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 129915 published 2019-10-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129915 title NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0193) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0273-1.NASL description This update for MozillaFirefox, mozilla-nss fixes the following issues : Security issues fixed : CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed: Update to MozillaFirefox ESR 60.5.0 Update to mozilla-nss 3.41.1 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-02-07 plugin id 121638 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121638 title SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:0273-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2237.NASL description An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). (BZ#1645231, BZ#1692269, BZ#1692271, BZ#1692274) Security Fix(es) : * ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128378 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128378 title CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2019:2237) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1979.NASL description According to the version of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129173 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129173 title EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-1979) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0239_NSS.NASL description An update of the nss package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126189 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126189 title Photon OS 1.0: Nss PHSA-2019-1.0-0239 NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1704.NASL description Vulnerabilities have been discovered in nss, the Mozilla Network Security Service library. CVE-2018-12404 Cache side-channel variant of the Bleichenbacher attack CVE-2018-18508 NULL pointer dereference in several CMS functions resulting in a denial of service For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 122604 published 2019-03-05 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122604 title Debian DLA-1704-1 : nss security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2246.NASL description According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130708 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130708 title EulerOS 2.0 SP3 : nss-softokn (EulerOS-SA-2019-2246) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1355.NASL description A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745) A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729 ) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) last seen 2020-03-23 modified 2020-03-19 plugin id 134681 published 2020-03-19 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134681 title Amazon Linux AMI : nss / nss-softokn,nss-util,nspr (ALAS-2020-1355) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1252.NASL description According to the versions of the nss-softokn packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134541 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134541 title EulerOS Virtualization for ARM 64 3.0.2.0 : nss-softokn (EulerOS-SA-2020-1252) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2174.NASL description According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-12 plugin id 130883 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130883 title EulerOS 2.0 SP5 : nss (EulerOS-SA-2019-2174) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0236_NSS.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by multiple vulnerabilities: - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132493 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132493 title NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2019-0236) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1214.NASL description According to the version of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-19 modified 2020-03-13 plugin id 134503 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134503 title EulerOS Virtualization for ARM 64 3.0.2.0 : nss (EulerOS-SA-2020-1214) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2237.NASL description An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). (BZ#1645231, BZ#1692269, BZ#1692271, BZ#1692274) Security Fix(es) : * ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127699 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127699 title RHEL 7 : nss, nss-softokn, nss-util, and nspr (RHSA-2019:2237) NASL family Fedora Local Security Checks NASL id FEDORA_2018-A78B2EF820.NASL description Updates the nss package to upstream NSS 3.40.1. This is a point release after 3.40, with a security fix for CVE-2018-12404. For details about other new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.40 _release_notes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120683 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120683 title Fedora 29 : nss (2018-a78b2ef820) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-337-01.NASL description New mozilla-nss packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. last seen 2020-06-13 modified 2018-12-04 plugin id 119332 published 2018-12-04 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119332 title Slackware 14.0 / 14.1 / 14.2 / current : mozilla-nss (SSA:2018-337-01) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-3_0-0020_NSS.NASL description An update of the nss package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 126184 published 2019-06-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126184 title Photon OS 3.0: Nss PHSA-2019-3.0-0020 NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1305.NASL description A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) last seen 2020-06-01 modified 2020-06-02 plugin id 129563 published 2019-10-04 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129563 title Amazon Linux 2 : nss (ALAS-2019-1305) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-4236-1.NASL description This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-26 modified 2018-12-24 plugin id 119871 published 2018-12-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119871 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3850-1.NASL description Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-10 plugin id 121062 published 2019-01-10 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121062 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1) NASL family Scientific Linux Local Security Checks NASL id SL_20190806_NSS__NSS_SOFTOKN__NSS_UTIL__AND_NSPR_ON_SL7_X.NASL description Netscape Portable Runtime (NSPR) provides platform independence for non- GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). Security Fix(es) : - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) last seen 2020-03-18 modified 2019-08-27 plugin id 128243 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128243 title Scientific Linux Security Update : nss, nss-softokn, nss-util, and nspr on SL7.x x86_64 (20190806) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1758.NASL description This update for MozillaFirefox, mozilla-nss fixes the following issues : Security issues fixed : - CVE-2018-18500: Fixed a use-after-free parsing HTML5 stream (bsc#1122983). - CVE-2018-18501: Fixed multiple memory safety bugs (bsc#1122983). - CVE-2018-18505: Fixed a privilege escalation through IPC channel messages (bsc#1122983). - CVE-2018-12404: Cache side-channel variant of the Bleichenbacher attack (bsc#1119069). Non-security issue fixed : - Update to MozillaFirefox ESR 60.5.0 - Update to mozilla-nss 3.41.1 This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 126898 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126898 title openSUSE Security Update : MozillaFirefox (openSUSE-2019-1758) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2467.NASL description According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-04 plugin id 131620 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131620 title EulerOS 2.0 SP2 : nss (EulerOS-SA-2019-2467) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1039.NASL description This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123164 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123164 title openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
- http://www.securityfocus.com/bid/107260
- https://access.redhat.com/errata/RHSA-2019:2237
- https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html