Vulnerabilities > CVE-2019-11745 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.

Vulnerable Configurations

Part Description Count
Application
Mozilla
1171
OS
Opensuse
1
OS
Canonical
3
OS
Debian
1
OS
Redhat
1
OS
Siemens
8
Hardware
Siemens
8

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4114.NASL
    descriptionFrom Red Hat Security Advisory 2019:4114 : An update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131915
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131915
    titleOracle Linux 8 : nss (ELSA-2019-4114)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2019:4114 and 
    # Oracle Linux Security Advisory ELSA-2019-4114 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131915);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2019-11745");
      script_xref(name:"RHSA", value:"2019:4114");
    
      script_name(english:"Oracle Linux 8 : nss (ELSA-2019-4114)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2019:4114 :
    
    An update for nss is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Network Security Services (NSS) is a set of libraries designed to
    support the cross-platform development of security-enabled client and
    server applications.
    
    Security Fix(es) :
    
    * nss: Out-of-bounds write when passing an output buffer smaller than
    the block size to NSC_EncryptUpdate (CVE-2019-11745)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2019-December/009435.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected nss packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-devel-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-devel-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-freebl-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-sysinit-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-tools-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-util-3.44.0-9.el8_1")) flag++;
    if (rpm_check(release:"EL8", cpu:"x86_64", reference:"nss-util-devel-3.44.0-9.el8_1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-devel / nss-softokn / nss-softokn-devel / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1379.NASL
    descriptionEmpty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745)
    last seen2020-06-01
    modified2020-06-02
    plugin id132734
    published2020-01-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132734
    titleAmazon Linux 2 : nss-softokn (ALAS-2020-1379)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2020-1379.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132734);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2019-11729", "CVE-2019-11745");
      script_xref(name:"ALAS", value:"2020-1379");
    
      script_name(english:"Amazon Linux 2 : nss-softokn (ALAS-2020-1379)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Empty or malformed p256-ECDH public keys may trigger a segmentation
    fault due values being improperly sanitized before being copied into
    memory and used. This vulnerability affects Firefox ESR < 60.8,
    Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729)
    
    A heap-based buffer overflow was found in the NSC_EncryptUpdate()
    function in Mozilla nss. A remote attacker could trigger this flaw via
    SRTP encrypt or decrypt operations, to execute arbitrary code with the
    permissions of the user running the application (compiled with nss).
    While the attack complexity is high, the impact to confidentiality,
    integrity, and availability are high as well. (CVE-2019-11745)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1379.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update nss-softokn' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"nss-softokn-3.44.0-8.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-softokn-debuginfo-3.44.0-8.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-softokn-devel-3.44.0-8.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-softokn-freebl-3.44.0-8.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"nss-softokn-freebl-devel-3.44.0-8.amzn2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss-softokn / nss-softokn-debuginfo / nss-softokn-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1345.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1345 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135250
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135250
    titleRHEL 7 : nss-softokn (RHSA-2020:1345)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1345. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135250);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      script_cve_id("CVE-2018-0495", "CVE-2019-11745");
      script_bugtraq_id(107967);
      script_xref(name:"RHSA", value:"2020:1345");
    
      script_name(english:"RHEL 7 : nss-softokn (RHSA-2020:1345)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1345 advisory.
    
      - ROHNP: Key Extraction Side Channel in Multiple Crypto
        Libraries (CVE-2018-0495)
    
      - nss: Out-of-bounds write when passing an output buffer
        smaller than the block size to NSC_EncryptUpdate
        (CVE-2019-11745)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1345");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-0495");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11745");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(200, 787);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4::server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-devel");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'nss-softokn-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'},
        {'reference':'nss-softokn-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'},
        {'reference':'nss-softokn-freebl-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-freebl-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'},
        {'reference':'nss-softokn-freebl-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-freebl-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nss-softokn / nss-softokn-devel / nss-softokn-freebl / etc');
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4241-1.NASL
    descriptionMultiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133040
    published2020-01-17
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133040
    titleUbuntu 18.04 LTS / 19.10 : thunderbird vulnerabilities (USN-4241-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4241-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133040);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/21");
    
      script_cve_id("CVE-2019-11745", "CVE-2019-17005", "CVE-2019-17008", "CVE-2019-17010", "CVE-2019-17011", "CVE-2019-17012", "CVE-2019-17016", "CVE-2019-17017", "CVE-2019-17022", "CVE-2019-17024", "CVE-2019-17026");
      script_xref(name:"USN", value:"4241-1");
    
      script_name(english:"Ubuntu 18.04 LTS / 19.10 : thunderbird vulnerabilities (USN-4241-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in Thunderbird. If a user
    were tricked in to opening a specially crafted website in a browsing
    context, an attacker could potentially exploit these to cause a denial
    of service, conduct cross-site scripting (XSS) attacks, or execute
    arbitrary code. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
    CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
    CVE-2019-17022, CVE-2019-17024, CVE-2019-17026)
    
    It was discovered that NSS incorrectly handled certain memory
    operations. A remote attacker could potentially exploit this to cause
    a denial of service, or execute arbitrary code. (CVE-2019-11745).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4241-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected thunderbird package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:thunderbird");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"18.04", pkgname:"thunderbird", pkgver:"1:68.4.1+build1-0ubuntu0.18.04.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"thunderbird", pkgver:"1:68.4.1+build1-0ubuntu0.19.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20191210_NSS__NSS_SOFTOKN__NSS_UTIL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) - nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)
    last seen2020-03-18
    modified2019-12-12
    plugin id131987
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131987
    titleScientific Linux Security Update : nss, nss-softokn, nss-util on SL7.x x86_64 (20191210)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131987);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2019-11729", "CVE-2019-11745");
    
      script_name(english:"Scientific Linux Security Update : nss, nss-softokn, nss-util on SL7.x x86_64 (20191210)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - nss: Out-of-bounds write when passing an output buffer
        smaller than the block size to NSC_EncryptUpdate
        (CVE-2019-11745)
    
      - nss: Empty or malformed p256-ECDH public keys may
        trigger a segmentation fault (CVE-2019-11729)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=9365
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6adcc52e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-3.44.0-7.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-debuginfo-3.44.0-7.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-devel-3.44.0-7.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.44.0-7.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-3.44.0-8.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-debuginfo-3.44.0-8.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-devel-3.44.0-8.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-3.44.0-8.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.44.0-8.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-sysinit-3.44.0-7.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-tools-3.44.0-7.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-3.44.0-4.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-debuginfo-3.44.0-4.el7_7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-devel-3.44.0-4.el7_7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-softokn / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0243.NASL
    descriptionAn update for nss is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id133286
    published2020-01-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133286
    titleRHEL 8 : nss (RHSA-2020:0243)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0243. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133286);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2019-11745");
      script_xref(name:"RHSA", value:"2020:0243");
    
      script_name(english:"RHEL 8 : nss (RHSA-2020:0243)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for nss is now available for Red Hat Enterprise Linux 8.0
    Update Services for SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Network Security Services (NSS) is a set of libraries designed to
    support the cross-platform development of security-enabled client and
    server applications.
    
    Security Fix(es) :
    
    * nss: Out-of-bounds write when passing an output buffer smaller than
    the block size to NSC_EncryptUpdate (CVE-2019-11745)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0243"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-11745"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-sysinit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8\.0([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.0", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0243";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-debugsource-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-debugsource-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-devel-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-devel-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-devel-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-devel-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-freebl-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-freebl-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-freebl-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-freebl-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-softokn-freebl-devel-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-sysinit-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-sysinit-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-sysinit-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-tools-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-tools-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-tools-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-util-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-util-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-util-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-util-debuginfo-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"i686", reference:"nss-util-devel-3.44.0-8.el8_0")) flag++;
      if (rpm_check(release:"RHEL8", sp:"0", cpu:"x86_64", reference:"nss-util-devel-3.44.0-8.el8_0")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-debuginfo / nss-debugsource / nss-devel / nss-softokn / etc");
      }
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0018_NSS-SOFTOKN.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has nss-softokn packages installed that are affected by a vulnerability: - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-03-08
    plugin id134322
    published2020-03-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134322
    titleNewStart CGSL MAIN 4.05 : nss-softokn Vulnerability (NS-SA-2020-0018)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-337-01.NASL
    descriptionNew mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131681
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131681
    titleSlackware 14.2 / current : mozilla-firefox (SSA:2019-337-01)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-4190.NASL
    descriptionAn update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id132400
    published2019-12-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132400
    titleCentOS 7 : nss / nss-softokn / nss-util (CESA-2019:4190)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4190.NASL
    descriptionFrom Red Hat Security Advisory 2019:4190 : An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131973
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131973
    titleOracle Linux 7 : nss / nss-softokn / nss-util (ELSA-2019-4190)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2020-1384.NASL
    descriptionA heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745) Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729)
    last seen2020-06-01
    modified2020-06-02
    plugin id133094
    published2020-01-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133094
    titleAmazon Linux 2 : nss (ALAS-2020-1384)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_71_0.NASL
    descriptionThe version of Firefox installed on the remote macOS or Mac OS X host is prior to 71.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-36 advisory. - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). (CVE-2019-11756) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. (CVE-2019-17010) - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. (CVE-2019-17011) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) - Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17013) - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. (CVE-2019-17014) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131772
    published2019-12-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131772
    titleMozilla Firefox < 71.0
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4579.NASL
    descriptionTwo vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service and potentially the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id131784
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131784
    titleDebian DSA-4579-1 : nss - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3347-1.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed : CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132336
    published2019-12-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132336
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:3347-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3337-1.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328) Security issues fixed : CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132308
    published2019-12-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132308
    titleSUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:3337-1)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_68_3_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following: - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131767
    published2019-12-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131767
    titleMozilla Firefox ESR 68.x < 68.3 Multiple vulnerabilities
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2020-1355.NASL
    descriptionA heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745) A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729 ) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495)
    last seen2020-03-23
    modified2020-03-19
    plugin id134681
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134681
    titleAmazon Linux AMI : nss / nss-softokn,nss-util,nspr (ALAS-2020-1355)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0088-1.NASL
    descriptionThis update for mozilla-nspr, mozilla-nss fixes the following issues : mozilla-nss was updated to NSS 3.47.1 : Security issues fixed : CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132924
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132924
    titleSUSE SLED12 / SLES12 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2020:0088-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20191210_NSS_SOFTOKN_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
    last seen2020-03-18
    modified2019-12-12
    plugin id131988
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131988
    titleScientific Linux Security Update : nss-softokn on SL6.x i386/x86_64 (20191210)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4203-1.NASL
    descriptionIt was discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131559
    published2019-12-03
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131559
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : nss vulnerability (USN-4203-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4335-1.NASL
    descriptionMultiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) It was discovered that the Devtools
    last seen2020-05-08
    modified2020-04-22
    plugin id135896
    published2020-04-22
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135896
    titleUbuntu 16.04 LTS : thunderbird vulnerabilities (USN-4335-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-02 (Mozilla Firefox: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-05-08
    modified2020-03-13
    plugin id134469
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134469
    titleGLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4190.NASL
    descriptionAn update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) * nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131984
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131984
    titleRHEL 7 : nss, nss-softokn, nss-util (RHSA-2019:4190)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-2.NASL
    descriptionThis update for MozillaFirefox fixes the following issues : Mozilla Firefox was updated to 68.3esr (MFSA 2019-37 bsc#1158328)&#9; &#9; Security issues fixed : - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id132763
    published2020-01-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132763
    titleopenSUSE Security Update : MozillaFirefox (openSUSE-2020-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4152.NASL
    descriptionFrom Red Hat Security Advisory 2019:4152 : An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131972
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131972
    titleOracle Linux 6 : nss-softokn (ELSA-2019-4152)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_THUNDERBIRD_68_3.NASL
    descriptionThe version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131955
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131955
    titleMozilla Thunderbird < 68.3
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0262_NSS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132588
    published2020-01-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132588
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0262)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-3395-1.NASL
    descriptionThis update for mozilla-nspr, mozilla-nss fixes the following issues : mozilla-nss was updated to NSS 3.47.1 : Security issues fixed : CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23: Whitespace in C files was cleaned up and no longer uses tab characters for indenting. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132518
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132518
    titleSUSE SLED15 / SLES15 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2019:3395-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1267.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1267 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135092
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135092
    titleRHEL 7 : nss-softokn (RHSA-2020:1267)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4216-1.NASL
    descriptionMultiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131924
    published2019-12-10
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131924
    titleUbuntu 18.04 LTS / 19.04 / 19.10 : firefox vulnerabilities (USN-4216-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2008.NASL
    descriptionA vulnerability has been discovered in nss, the Mozilla Network Security Service library. An out-of-bounds write can occur when passing an output buffer smaller than the block size to NSC_EncryptUpdate. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id131293
    published2019-11-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131293
    titleDebian DLA-2008-1 : nss security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0466.NASL
    descriptionAn update for nss-softokn is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id133635
    published2020-02-12
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133635
    titleRHEL 6 : nss-softokn (RHSA-2020:0466)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-3.NASL
    descriptionThis update for MozillaThunderbird fixes the following issues : Mozilla Thunderbird was updated to 68.3esr (MFSA 2019-38 bsc#1158328) &#9; Security issues fixed : - CVE-2019-17008: Fixed a use-after-free in worker destruction (bmo#1546331) - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code (bmo#1580156) - CVE-2019-11745: Fixed an out of bounds write in NSS when encrypting with a block cipher (bmo#1586176) - CVE-2019-17009: Fixed an issue where updater temporary files accessible to unprivileged processes (bmo#1510494) - CVE-2019-17010: Fixed a use-after-free when performing device orientation checks (bmo#1581084) - CVE-2019-17005: Fixed a buffer overflow in plain text serializer (bmo#1584170) - CVE-2019-17011: Fixed a use-after-free when retrieving a document in antitracking (bmo#1591334) - CVE-2019-17012: Fixed multiple memmory issues (bmo#1449736, bmo#1533957, bmo#1560667,bmo#1567209, bmo#1580288, bmo#1585760, bmo#1592502) Other issues addressed : - New: Message display toolbar action WebExtension API (bmo#1531597) - New: Navigation buttons are now available in content tabs (bmo#787683) - Fixed an issue where write window was not always correct (bmo#1593280) - Fixed toolbar issues (bmo#1584160) - Fixed issues with LDAP lookup when SSL was enabled (bmo#1576364) - Fixed an issue with scam link confirmation panel (bmo#1596413) - Fixed an issue with the write window where the Link Properties dialog was not showing named anchors in context menu (bmo#1593629) - Fixed issues with calendar (bmo#1588516) - Fixed issues with chat where reordering via drag-and-drop was not working on Instant messaging status dialog (bmo#1591505) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id132764
    published2020-01-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132764
    titleopenSUSE Security Update : MozillaThunderbird (openSUSE-2020-3)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-37.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-37 (Mozilla Network Security Service: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Network Security Service (NSS). Please review the CVE identifiers referenced below for details. Impact : An attacker could execute arbitrary code, cause a Denial of Service condition or have other unspecified impact. Workaround : There is no known workaround at this time.
    last seen2020-03-21
    modified2020-03-18
    plugin id134643
    published2020-03-18
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134643
    titleGLSA-202003-37 : Mozilla Network Security Service: Multiple vulnerabilities
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2020-0005_NSS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by multiple vulnerabilities: - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729) - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id133085
    published2020-01-20
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133085
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2020-0005)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_71_0.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 71.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-36 advisory. - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). (CVE-2019-11756) - When setting a thread name on Windows in WebRTC, an incorrect number of arguments could have been supplied, leading to stack corruption and a potentially exploitable crash. Note: this issue only occurs on Windows. Other operating systems are unaffected. (CVE-2019-13722) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. - Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. (CVE-2019-17009) - Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. (CVE-2019-17010) - Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. (CVE-2019-17011) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) - Mozilla developers and community members Philipp, Diego Calleja, Mikhail Gavrilov, Jason Kratzer, Christian Holler, Markus Stange, Tyson Smith reported memory safety bugs present in Firefox 70. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17013) - If an image had not loaded correctly (such as when it is not actually an image), it could be dragged and dropped cross-domain, resulting in a cross-origin information leak. (CVE-2019-17014) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131773
    published2019-12-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131773
    titleMozilla Firefox < 71.0
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-10 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or conduct Cross-Site Request Forgery (CSRF). Workaround : There is no known workaround at this time.
    last seen2020-05-08
    modified2020-03-16
    plugin id134587
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134587
    titleGLSA-202003-10 : Mozilla Thunderbird: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1461.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1461 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-14
    plugin id135460
    published2020-04-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135460
    titleRHEL 7 : nss-softokn (RHSA-2020:1461)
  • NASL familyWindows
    NASL idMOZILLA_THUNDERBIRD_68_3.NASL
    descriptionThe version of Thunderbird installed on the remote Windows host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-38 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131956
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131956
    titleMozilla Thunderbird < 68.3
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-8.NASL
    descriptionThis update for mozilla-nspr, mozilla-nss fixes the following issues : mozilla-nss was updated to NSS 3.47.1 : Security issues fixed : - CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819). - CVE-2019-11745: EncryptUpdate should use maxout, not block size (bsc#1158527). - CVE-2019-11727: Fixed vulnerability sign CertificateVerify with PKCS#1 v1.5 signatures issue (bsc#1141322). mozilla-nspr was updated to version 4.23 : - Whitespace in C files was cleaned up and no longer uses tab characters for indenting. This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id132849
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132849
    titleopenSUSE Security Update : mozilla-nspr / mozilla-nss (openSUSE-2020-8)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_68_3_ESR.NASL
    descriptionThe version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-37 advisory, including the following: - When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. (CVE-2019-11745) - When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. (CVE-2019-17008) - Mozilla developers Christoph Diehl, Nathan Froyd, Jason Kratzer, Christian Holler, Karl Tomlinson, Tyson Smith reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2019-17012) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131766
    published2019-12-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131766
    titleMozilla Firefox ESR 68.x < 68.3 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4114.NASL
    descriptionAn update for nss is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131920
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131920
    titleRHEL 8 : nss (RHSA-2019:4114)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-4152.NASL
    descriptionAn update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131978
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131978
    titleRHEL 6 : nss-softokn (RHSA-2019:4152)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-4152.NASL
    descriptionAn update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es) : * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id131959
    published2019-12-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131959
    titleCentOS 6 : nss-softokn (CESA-2019:4152)

Redhat

advisories
  • bugzilla
    id1774831
    titleCVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentnss-debugsource is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114001
          • commentnss-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191951022
        • AND
          • commentnss-util-devel is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114003
          • commentnss-util-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364016
        • AND
          • commentnss-util is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114005
          • commentnss-util is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364018
        • AND
          • commentnss-tools is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114007
          • commentnss-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364012
        • AND
          • commentnss-sysinit is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114009
          • commentnss-sysinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364008
        • AND
          • commentnss-softokn-freebl-devel is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114011
          • commentnss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364024
        • AND
          • commentnss-softokn-freebl is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114013
          • commentnss-softokn-freebl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364020
        • AND
          • commentnss-softokn-devel is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114015
          • commentnss-softokn-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364026
        • AND
          • commentnss-softokn is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114017
          • commentnss-softokn is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364022
        • AND
          • commentnss-devel is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114019
          • commentnss-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364014
        • AND
          • commentnss is earlier than 0:3.44.0-9.el8_1
            ovaloval:com.redhat.rhsa:tst:20194114021
          • commentnss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364010
    rhsa
    idRHSA-2019:4114
    released2019-12-09
    severityImportant
    titleRHSA-2019:4114: nss security update (Important)
  • bugzilla
    id1774831
    titleCVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentnss-softokn-freebl-devel is earlier than 0:3.44.0-6.el6_10
            ovaloval:com.redhat.rhsa:tst:20194152001
          • commentnss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364024
        • AND
          • commentnss-softokn-freebl is earlier than 0:3.44.0-6.el6_10
            ovaloval:com.redhat.rhsa:tst:20194152003
          • commentnss-softokn-freebl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364020
        • AND
          • commentnss-softokn-devel is earlier than 0:3.44.0-6.el6_10
            ovaloval:com.redhat.rhsa:tst:20194152005
          • commentnss-softokn-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364026
        • AND
          • commentnss-softokn is earlier than 0:3.44.0-6.el6_10
            ovaloval:com.redhat.rhsa:tst:20194152007
          • commentnss-softokn is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364022
    rhsa
    idRHSA-2019:4152
    released2019-12-10
    severityImportant
    titleRHSA-2019:4152: nss-softokn security update (Important)
  • bugzilla
    id1774831
    titleCVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentnss-softokn-freebl-devel is earlier than 0:3.44.0-8.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190001
          • commentnss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364024
        • AND
          • commentnss-softokn-freebl is earlier than 0:3.44.0-8.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190003
          • commentnss-softokn-freebl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364020
        • AND
          • commentnss-softokn-devel is earlier than 0:3.44.0-8.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190005
          • commentnss-softokn-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364026
        • AND
          • commentnss-softokn is earlier than 0:3.44.0-8.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190007
          • commentnss-softokn is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364022
        • AND
          • commentnss-util-devel is earlier than 0:3.44.0-4.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190009
          • commentnss-util-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364016
        • AND
          • commentnss-util is earlier than 0:3.44.0-4.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190011
          • commentnss-util is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364018
        • AND
          • commentnss-pkcs11-devel is earlier than 0:3.44.0-7.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190013
          • commentnss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364006
        • AND
          • commentnss-tools is earlier than 0:3.44.0-7.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190015
          • commentnss-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364012
        • AND
          • commentnss-sysinit is earlier than 0:3.44.0-7.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190017
          • commentnss-sysinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364008
        • AND
          • commentnss-devel is earlier than 0:3.44.0-7.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190019
          • commentnss-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364014
        • AND
          • commentnss is earlier than 0:3.44.0-7.el7_7
            ovaloval:com.redhat.rhsa:tst:20194190021
          • commentnss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364010
    rhsa
    idRHSA-2019:4190
    released2019-12-10
    severityImportant
    titleRHSA-2019:4190: nss, nss-softokn, nss-util security update (Important)
  • rhsa
    idRHSA-2020:0243
  • rhsa
    idRHSA-2020:0466
rpms
  • nss-0:3.44.0-9.el8_1
  • nss-debuginfo-0:3.44.0-9.el8_1
  • nss-debugsource-0:3.44.0-9.el8_1
  • nss-devel-0:3.44.0-9.el8_1
  • nss-softokn-0:3.44.0-9.el8_1
  • nss-softokn-debuginfo-0:3.44.0-9.el8_1
  • nss-softokn-devel-0:3.44.0-9.el8_1
  • nss-softokn-freebl-0:3.44.0-9.el8_1
  • nss-softokn-freebl-debuginfo-0:3.44.0-9.el8_1
  • nss-softokn-freebl-devel-0:3.44.0-9.el8_1
  • nss-sysinit-0:3.44.0-9.el8_1
  • nss-sysinit-debuginfo-0:3.44.0-9.el8_1
  • nss-tools-0:3.44.0-9.el8_1
  • nss-tools-debuginfo-0:3.44.0-9.el8_1
  • nss-util-0:3.44.0-9.el8_1
  • nss-util-debuginfo-0:3.44.0-9.el8_1
  • nss-util-devel-0:3.44.0-9.el8_1
  • nss-softokn-0:3.44.0-6.el6_10
  • nss-softokn-debuginfo-0:3.44.0-6.el6_10
  • nss-softokn-devel-0:3.44.0-6.el6_10
  • nss-softokn-freebl-0:3.44.0-6.el6_10
  • nss-softokn-freebl-devel-0:3.44.0-6.el6_10
  • nss-0:3.44.0-7.el7_7
  • nss-debuginfo-0:3.44.0-7.el7_7
  • nss-devel-0:3.44.0-7.el7_7
  • nss-pkcs11-devel-0:3.44.0-7.el7_7
  • nss-softokn-0:3.44.0-8.el7_7
  • nss-softokn-debuginfo-0:3.44.0-8.el7_7
  • nss-softokn-devel-0:3.44.0-8.el7_7
  • nss-softokn-freebl-0:3.44.0-8.el7_7
  • nss-softokn-freebl-devel-0:3.44.0-8.el7_7
  • nss-sysinit-0:3.44.0-7.el7_7
  • nss-tools-0:3.44.0-7.el7_7
  • nss-util-0:3.44.0-4.el7_7
  • nss-util-debuginfo-0:3.44.0-4.el7_7
  • nss-util-devel-0:3.44.0-4.el7_7
  • nss-0:3.44.0-8.el8_0
  • nss-debuginfo-0:3.44.0-8.el8_0
  • nss-debugsource-0:3.44.0-8.el8_0
  • nss-devel-0:3.44.0-8.el8_0
  • nss-softokn-0:3.44.0-8.el8_0
  • nss-softokn-debuginfo-0:3.44.0-8.el8_0
  • nss-softokn-devel-0:3.44.0-8.el8_0
  • nss-softokn-freebl-0:3.44.0-8.el8_0
  • nss-softokn-freebl-debuginfo-0:3.44.0-8.el8_0
  • nss-softokn-freebl-devel-0:3.44.0-8.el8_0
  • nss-sysinit-0:3.44.0-8.el8_0
  • nss-sysinit-debuginfo-0:3.44.0-8.el8_0
  • nss-tools-0:3.44.0-8.el8_0
  • nss-tools-debuginfo-0:3.44.0-8.el8_0
  • nss-util-0:3.44.0-8.el8_0
  • nss-util-debuginfo-0:3.44.0-8.el8_0
  • nss-util-devel-0:3.44.0-8.el8_0
  • nss-softokn-0:3.14.3-23.el6_6
  • nss-softokn-debuginfo-0:3.14.3-23.el6_6
  • nss-softokn-devel-0:3.14.3-23.el6_6
  • nss-softokn-freebl-0:3.14.3-23.el6_6
  • nss-softokn-freebl-devel-0:3.14.3-23.el6_6
  • nss-softokn-0:3.36.0-6.el7_5
  • nss-softokn-debuginfo-0:3.36.0-6.el7_5
  • nss-softokn-devel-0:3.36.0-6.el7_5
  • nss-softokn-freebl-0:3.36.0-6.el7_5
  • nss-softokn-freebl-devel-0:3.36.0-6.el7_5
  • nss-softokn-0:3.28.3-9.el7_4
  • nss-softokn-debuginfo-0:3.28.3-9.el7_4
  • nss-softokn-devel-0:3.28.3-9.el7_4
  • nss-softokn-freebl-0:3.28.3-9.el7_4
  • nss-softokn-freebl-devel-0:3.28.3-9.el7_4
  • nss-softokn-0:3.36.0-6.el7_6
  • nss-softokn-debuginfo-0:3.36.0-6.el7_6
  • nss-softokn-devel-0:3.36.0-6.el7_6
  • nss-softokn-freebl-0:3.36.0-6.el7_6
  • nss-softokn-freebl-devel-0:3.36.0-6.el7_6