Vulnerabilities > CVE-2019-11745 - Out-of-bounds Write vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-4114.NASL description From Red Hat Security Advisory 2019:4114 : An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 131915 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131915 title Oracle Linux 8 : nss (ELSA-2019-4114) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:4114 and # Oracle Linux Security Advisory ELSA-2019-4114 respectively. # include("compat.inc"); if (description) { script_id(131915); script_version("1.3"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2019-11745"); script_xref(name:"RHSA", value:"2019:4114"); script_name(english:"Oracle Linux 8 : nss (ELSA-2019-4114)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2019:4114 : An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2019-December/009435.html" ); script_set_attribute(attribute:"solution", value:"Update the affected nss packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn-freebl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn-freebl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-devel-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-devel-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-freebl-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-sysinit-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-tools-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-util-3.44.0-9.el8_1")) flag++; if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-util-devel-3.44.0-9.el8_1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-softokn / nss-softokn-devel / etc"); }NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1379.NASL description Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745) last seen 2020-06-01 modified 2020-06-02 plugin id 132734 published 2020-01-09 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132734 title Amazon Linux 2 : nss-softokn (ALAS-2020-1379) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2020-1379. # include("compat.inc"); if (description) { script_id(132734); script_version("1.3"); script_cvs_date("Date: 2020/01/15"); script_cve_id("CVE-2019-11729", "CVE-2019-11745"); script_xref(name:"ALAS", value:"2020-1379"); script_name(english:"Amazon Linux 2 : nss-softokn (ALAS-2020-1379)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1379.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update nss-softokn' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"nss-softokn-3.44.0-8.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-softokn-debuginfo-3.44.0-8.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-softokn-devel-3.44.0-8.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-softokn-freebl-3.44.0-8.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"nss-softokn-freebl-devel-3.44.0-8.amzn2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss-softokn / nss-softokn-debuginfo / nss-softokn-devel / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1345.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1345 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-07 plugin id 135250 published 2020-04-07 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135250 title RHEL 7 : nss-softokn (RHSA-2020:1345) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1345. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135250); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21"); script_cve_id("CVE-2018-0495", "CVE-2019-11745"); script_bugtraq_id(107967); script_xref(name:"RHSA", value:"2020:1345"); script_name(english:"RHEL 7 : nss-softokn (RHSA-2020:1345)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1345 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1345"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-0495"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11745"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(200, 787); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4::server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4::server"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4::server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-devel"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'nss-softokn-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'}, {'reference':'nss-softokn-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'}, {'reference':'nss-softokn-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'}, {'reference':'nss-softokn-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'}, {'reference':'nss-softokn-freebl-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'}, {'reference':'nss-softokn-freebl-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'}, {'reference':'nss-softokn-freebl-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'}, {'reference':'nss-softokn-freebl-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nss-softokn / nss-softokn-devel / nss-softokn-freebl / etc'); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4241-1.NASL description Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133040 published 2020-01-17 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133040 title Ubuntu 18.04 LTS / 19.10 : thunderbird vulnerabilities (USN-4241-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4241-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(133040); script_version("1.2"); script_cvs_date("Date: 2020/01/21"); script_cve_id("CVE-2019-11745", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17016", "CVE-2019-17017", "CVE-2019-17022", "CVE-2019-17024", "CVE-2019-17026"); script_xref(name:"USN", value:"4241-1"); script_name(english:"Ubuntu 18.04 LTS / 19.10 : thunderbird vulnerabilities (USN-4241-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4241-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected thunderbird package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"18.04", pkgname:"thunderbird", pkgver:"1:68.4.1+build1-0ubuntu0.18.04.1")) flag++; if (ubuntu_check(osver:"19.10", pkgname:"thunderbird", pkgver:"1:68.4.1+build1-0ubuntu0.19.10.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird"); }NASL family Scientific Linux Local Security Checks NASL id SL_20191210_NSS__NSS_SOFTOKN__NSS_UTIL_ON_SL7_X.NASL description Security Fix(es) : - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) - nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) last seen 2020-03-18 modified 2019-12-12 plugin id 131987 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131987 title Scientific Linux Security Update : nss, nss-softokn, nss-util on SL7.x x86_64 (20191210) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(131987); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24"); script_cve_id("CVE-2019-11729", "CVE-2019-11745"); script_name(english:"Scientific Linux Security Update : nss, nss-softokn, nss-util on SL7.x x86_64 (20191210)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) - nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=9365 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6adcc52e" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-3.44.0-7.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-debuginfo-3.44.0-7.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-devel-3.44.0-7.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.44.0-7.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-3.44.0-8.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-debuginfo-3.44.0-8.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-devel-3.44.0-8.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-3.44.0-8.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.44.0-8.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-sysinit-3.44.0-7.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-tools-3.44.0-7.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-3.44.0-4.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-debuginfo-3.44.0-4.el7_7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-devel-3.44.0-4.el7_7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-softokn / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0243.NASL description An update for nss is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 133286 published 2020-01-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133286 title RHEL 8 : nss (RHSA-2020:0243) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:0243. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(133286); script_version("1.2"); script_cvs_date("Date: 2020/01/30"); script_cve_id("CVE-2019-11745"); script_xref(name:"RHSA", value:"2020:0243"); script_name(english:"RHEL 8 : nss (RHSA-2020:0243)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for nss is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0243" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-11745" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-sysinit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-sysinit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^8\.0([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.0", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2020:0243"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-debugsource-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-debugsource-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-devel-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-devel-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-devel-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-devel-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-freebl-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-freebl-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-freebl-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-freebl-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-freebl-devel-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-sysinit-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-sysinit-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-sysinit-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-tools-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-tools-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-tools-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-util-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-util-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-util-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-util-debuginfo-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-util-devel-3.44.0-8.el8_0")) flag++; if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-util-devel-3.44.0-8.el8_0")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-debugsource / nss-devel / nss-softokn / etc"); } }NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0018_NSS-SOFTOKN.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has nss-softokn packages installed that are affected by a vulnerability: - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-03-08 plugin id 134322 published 2020-03-08 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134322 title NewStart CGSL MAIN 4.05 : nss-softokn Vulnerability (NS-SA-2020-0018) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2019-337-01.NASL description New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131681 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131681 title Slackware 14.2 / current : mozilla-firefox (SSA:2019-337-01) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-4190.NASL description An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 132400 published 2019-12-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132400 title CentOS 7 : nss / nss-softokn / nss-util (CESA-2019:4190) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-4190.NASL description From Red Hat Security Advisory 2019:4190 : An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 131973 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131973 title Oracle Linux 7 : nss / nss-softokn / nss-util (ELSA-2019-4190) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2020-1384.NASL description A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745) Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) last seen 2020-06-01 modified 2020-06-02 plugin id 133094 published 2020-01-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133094 title Amazon Linux 2 : nss (ALAS-2020-1384) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_71_0.NASL description The version of Firefox installed on the remote macOS or Mac OS X host is prior to 71.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-36 advisory. - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). (CVE-2019-11756) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. (CVE-2019-17010) - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. (CVE-2019-17011) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) - Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17013) - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. (CVE-2019-17014) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131772 published 2019-12-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131772 title Mozilla Firefox < 71.0 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4579.NASL description Two vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service and potentially the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 131784 published 2019-12-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131784 title Debian DSA-4579-1 : nss - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-3347-1.NASL description This update for MozillaFirefox fixes the following issues : Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed : CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132336 published 2019-12-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132336 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:3347-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-3337-1.NASL description This update for MozillaFirefox fixes the following issues : Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed : CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132308 published 2019-12-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132308 title SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:3337-1) NASL family Windows NASL id MOZILLA_FIREFOX_68_3_ESR.NASL description The version of Firefox ESR installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following: - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131767 published 2019-12-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131767 title Mozilla Firefox ESR 68.x < 68.3 Multiple vulnerabilities NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2020-1355.NASL description A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745) A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729 ) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) last seen 2020-03-23 modified 2020-03-19 plugin id 134681 published 2020-03-19 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134681 title Amazon Linux AMI : nss / nss-softokn,nss-util,nspr (ALAS-2020-1355) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0088-1.NASL description This update for mozilla-nspr, mozilla-nss fixes the following issues : mozilla-nss was updated to NSS 3.47.1 : Security issues fixed : CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132924 published 2020-01-15 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132924 title SUSE SLED12 / SLES12 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2020:0088-1) NASL family Scientific Linux Local Security Checks NASL id SL_20191210_NSS_SOFTOKN_ON_SL6_X.NASL description Security Fix(es) : - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) last seen 2020-03-18 modified 2019-12-12 plugin id 131988 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131988 title Scientific Linux Security Update : nss-softokn on SL6.x i386/x86_64 (20191210) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4203-1.NASL description It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131559 published 2019-12-03 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131559 title Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : nss vulnerability (USN-4203-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4335-1.NASL description Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) It was discovered that the Devtools last seen 2020-05-08 modified 2020-04-22 plugin id 135896 published 2020-04-22 reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135896 title Ubuntu 16.04 LTS : thunderbird vulnerabilities (USN-4335-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-02.NASL description The remote host is affected by the vulnerability described in GLSA-202003-02 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-05-08 modified 2020-03-13 plugin id 134469 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134469 title GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-4190.NASL description An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 131984 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131984 title RHEL 7 : nss, nss-softokn, nss-util (RHSA-2019:4190) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-2.NASL description This update for MozillaFirefox fixes the following issues : Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)	 	 Security issues fixed : - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 132763 published 2020-01-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132763 title openSUSE Security Update : MozillaFirefox (openSUSE-2020-2) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-4152.NASL description From Red Hat Security Advisory 2019:4152 : An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 131972 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131972 title Oracle Linux 6 : nss-softokn (ELSA-2019-4152) NASL family MacOS X Local Security Checks NASL id MACOS_THUNDERBIRD_68_3.NASL description The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131955 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131955 title Mozilla Thunderbird < 68.3 NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0262_NSS.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132588 published 2020-01-02 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132588 title NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0262) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-3395-1.NASL description This update for mozilla-nspr, mozilla-nss fixes the following issues : mozilla-nss was updated to NSS 3.47.1 : Security issues fixed : CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 132518 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132518 title SUSE SLED15 / SLES15 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2019:3395-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1267.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1267 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-01 plugin id 135092 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135092 title RHEL 7 : nss-softokn (RHSA-2020:1267) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4216-1.NASL description Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 131924 published 2019-12-10 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131924 title Ubuntu 18.04 LTS / 19.04 / 19.10 : firefox vulnerabilities (USN-4216-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2008.NASL description A vulnerability has been discovered in nss, the Mozilla Network Security Service library. An out-of-bounds write can occur when passing an output buffer smaller than the block size to NSC_EncryptUpdate. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 131293 published 2019-11-26 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131293 title Debian DLA-2008-1 : nss security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0466.NASL description An update for nss-softokn is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 133635 published 2020-02-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133635 title RHEL 6 : nss-softokn (RHSA-2020:0466) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-3.NASL description This update for MozillaThunderbird fixes the following issues : Mozilla Thunderbird was updated to 68.3esr (MFSA 2019-38 bsc#1158328) 	 Security issues fixed : - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Other issues addressed : - New: Message display toolbar action WebExtension API (bmo#1531597) - New: Navigation buttons are now available in content tabs (bmo#787683) - Fixed an issue where write window was not always correct (bmo#1593280) - Fixed toolbar issues (bmo#1584160) - Fixed issues with LDAP lookup when SSL was enabled (bmo#1576364) - Fixed an issue with scam link confirmation panel (bmo#1596413) - Fixed an issue with the write window where the Link Properties dialog was not showing named anchors in context menu (bmo#1593629) - Fixed issues with calendar (bmo#1588516) - Fixed issues with chat where reordering via drag-and-drop was not working on Instant messaging status dialog (bmo#1591505) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 132764 published 2020-01-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132764 title openSUSE Security Update : MozillaThunderbird (openSUSE-2020-3) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-37.NASL description The remote host is affected by the vulnerability described in GLSA-202003-37 (Mozilla Network Security Service: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Network Security Service (NSS). Please review the CVE identifiers referenced below for details. Impact : An attacker could execute arbitrary code, cause a Denial of Service condition or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-03-21 modified 2020-03-18 plugin id 134643 published 2020-03-18 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134643 title GLSA-202003-37 : Mozilla Network Security Service: Multiple vulnerabilities NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2020-0005_NSS.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by multiple vulnerabilities: - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 133085 published 2020-01-20 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133085 title NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2020-0005) NASL family Windows NASL id MOZILLA_FIREFOX_71_0.NASL description The version of Firefox installed on the remote Windows host is prior to 71.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-36 advisory. - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). (CVE-2019-11756) - When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-13722) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. - Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. (CVE-2019-17009) - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. (CVE-2019-17010) - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. (CVE-2019-17011) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) - Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17013) - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. (CVE-2019-17014) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131773 published 2019-12-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131773 title Mozilla Firefox < 71.0 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-10.NASL description The remote host is affected by the vulnerability described in GLSA-202003-10 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or conduct Cross-Site Request Forgery (CSRF). Workaround : There is no known workaround at this time. last seen 2020-05-08 modified 2020-03-16 plugin id 134587 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134587 title GLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1461.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1461 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-14 plugin id 135460 published 2020-04-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135460 title RHEL 7 : nss-softokn (RHSA-2020:1461) NASL family Windows NASL id MOZILLA_THUNDERBIRD_68_3.NASL description The version of Thunderbird installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131956 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131956 title Mozilla Thunderbird < 68.3 NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-8.NASL description This update for mozilla-nspr, mozilla-nss fixes the following issues : mozilla-nss was updated to NSS 3.47.1 : Security issues fixed : - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23 : - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 132849 published 2020-01-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132849 title openSUSE Security Update : mozilla-nspr / mozilla-nss (openSUSE-2020-8) NASL family MacOS X Local Security Checks NASL id MACOS_FIREFOX_68_3_ESR.NASL description The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following: - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131766 published 2019-12-06 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131766 title Mozilla Firefox ESR 68.x < 68.3 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-4114.NASL description An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 131920 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131920 title RHEL 8 : nss (RHSA-2019:4114) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-4152.NASL description An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 131978 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131978 title RHEL 6 : nss-softokn (RHSA-2019:4152) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-4152.NASL description An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 131959 published 2019-12-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131959 title CentOS 6 : nss-softokn (CESA-2019:4152)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://www.mozilla.org/security/advisories/mfsa2019-38/
- https://www.mozilla.org/security/advisories/mfsa2019-37/
- https://www.mozilla.org/security/advisories/mfsa2019-36/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1586176
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html
- https://usn.ubuntu.com/4241-1/
- https://access.redhat.com/errata/RHSA-2020:0243
- https://access.redhat.com/errata/RHSA-2020:0466
- https://security.gentoo.org/glsa/202003-02
- https://security.gentoo.org/glsa/202003-10
- https://security.gentoo.org/glsa/202003-37
- https://usn.ubuntu.com/4335-1/
- https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04