ID CVE-2009-2409
Summary The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
References
Vulnerable Configurations
  • Mozilla Firefox
    cpe:2.3:a:mozilla:firefox
  • Mozilla Firefox
    cpe:2.3:a:mozilla:firefox
  • cpe:2.3:a:mozilla:nss:3.0
    cpe:2.3:a:mozilla:nss:3.0
  • cpe:2.3:a:mozilla:nss:3.2
    cpe:2.3:a:mozilla:nss:3.2
  • cpe:2.3:a:mozilla:nss:3.2.1
    cpe:2.3:a:mozilla:nss:3.2.1
  • cpe:2.3:a:mozilla:nss:3.3
    cpe:2.3:a:mozilla:nss:3.3
  • cpe:2.3:a:mozilla:nss:3.3.1
    cpe:2.3:a:mozilla:nss:3.3.1
  • cpe:2.3:a:mozilla:nss:3.3.2
    cpe:2.3:a:mozilla:nss:3.3.2
  • cpe:2.3:a:mozilla:nss:3.4
    cpe:2.3:a:mozilla:nss:3.4
  • cpe:2.3:a:mozilla:nss:3.4.1
    cpe:2.3:a:mozilla:nss:3.4.1
  • cpe:2.3:a:mozilla:nss:3.4.2
    cpe:2.3:a:mozilla:nss:3.4.2
  • cpe:2.3:a:mozilla:nss:3.4.3
    cpe:2.3:a:mozilla:nss:3.4.3
  • cpe:2.3:a:mozilla:nss:3.5
    cpe:2.3:a:mozilla:nss:3.5
  • cpe:2.3:a:mozilla:nss:3.6
    cpe:2.3:a:mozilla:nss:3.6
  • cpe:2.3:a:mozilla:nss:3.6.1
    cpe:2.3:a:mozilla:nss:3.6.1
  • cpe:2.3:a:mozilla:nss:3.7
    cpe:2.3:a:mozilla:nss:3.7
  • cpe:2.3:a:mozilla:nss:3.7.1
    cpe:2.3:a:mozilla:nss:3.7.1
  • cpe:2.3:a:mozilla:nss:3.7.2
    cpe:2.3:a:mozilla:nss:3.7.2
  • cpe:2.3:a:mozilla:nss:3.7.3
    cpe:2.3:a:mozilla:nss:3.7.3
  • cpe:2.3:a:mozilla:nss:3.7.5
    cpe:2.3:a:mozilla:nss:3.7.5
  • cpe:2.3:a:mozilla:nss:3.7.7
    cpe:2.3:a:mozilla:nss:3.7.7
  • cpe:2.3:a:mozilla:nss:3.8
    cpe:2.3:a:mozilla:nss:3.8
  • cpe:2.3:a:mozilla:nss:3.9
    cpe:2.3:a:mozilla:nss:3.9
  • cpe:2.3:a:mozilla:nss:3.9.5
    cpe:2.3:a:mozilla:nss:3.9.5
  • cpe:2.3:a:mozilla:nss:3.10
    cpe:2.3:a:mozilla:nss:3.10
  • cpe:2.3:a:mozilla:nss:3.11.2
    cpe:2.3:a:mozilla:nss:3.11.2
  • cpe:2.3:a:mozilla:nss:3.11.4
    cpe:2.3:a:mozilla:nss:3.11.4
  • cpe:2.3:a:mozilla:nss:3.11.7
    cpe:2.3:a:mozilla:nss:3.11.7
  • cpe:2.3:a:mozilla:nss:3.11.8
    cpe:2.3:a:mozilla:nss:3.11.8
  • cpe:2.3:a:mozilla:nss:3.12
    cpe:2.3:a:mozilla:nss:3.12
  • cpe:2.3:a:mozilla:nss:3.12.1
    cpe:2.3:a:mozilla:nss:3.12.1
  • cpe:2.3:a:mozilla:nss:3.12.2
    cpe:2.3:a:mozilla:nss:3.12.2
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
  • OpenSSL Project OpenSSL 0.9.8g
    cpe:2.3:a:openssl:openssl:0.9.8g
  • OpenSSL Project OpenSSL 0.9.8h
    cpe:2.3:a:openssl:openssl:0.9.8h
  • OpenSSL Project OpenSSL 0.9.8i
    cpe:2.3:a:openssl:openssl:0.9.8i
  • OpenSSL Project OpenSSL 0.9.8j
    cpe:2.3:a:openssl:openssl:0.9.8j
  • OpenSSL Project OpenSSL 0.9.8k
    cpe:2.3:a:openssl:openssl:0.9.8k
  • GNU GnuTLS 1.0.16
    cpe:2.3:a:gnu:gnutls:1.0.16
  • GNU GnuTLS 1.0.17
    cpe:2.3:a:gnu:gnutls:1.0.17
  • GNU GnuTLS 1.0.18
    cpe:2.3:a:gnu:gnutls:1.0.18
  • GNU GnuTLS 1.0.19
    cpe:2.3:a:gnu:gnutls:1.0.19
  • GNU GnuTLS 1.0.20
    cpe:2.3:a:gnu:gnutls:1.0.20
  • GNU GnuTLS 1.0.21
    cpe:2.3:a:gnu:gnutls:1.0.21
  • GNU GnuTLS 1.0.22
    cpe:2.3:a:gnu:gnutls:1.0.22
  • GNU GnuTLS 1.0.23
    cpe:2.3:a:gnu:gnutls:1.0.23
  • GNU GnuTLS 1.0.24
    cpe:2.3:a:gnu:gnutls:1.0.24
  • GNU GnuTLS 1.0.25
    cpe:2.3:a:gnu:gnutls:1.0.25
  • GNU GnuTLS 1.1.13
    cpe:2.3:a:gnu:gnutls:1.1.13
  • GNU GnuTLS 1.1.14
    cpe:2.3:a:gnu:gnutls:1.1.14
  • GNU GnuTLS 1.1.15
    cpe:2.3:a:gnu:gnutls:1.1.15
  • GNU GnuTLS 1.1.16
    cpe:2.3:a:gnu:gnutls:1.1.16
  • GNU GnuTLS 1.1.17
    cpe:2.3:a:gnu:gnutls:1.1.17
  • GNU GnuTLS 1.1.18
    cpe:2.3:a:gnu:gnutls:1.1.18
  • GNU GnuTLS 1.1.19
    cpe:2.3:a:gnu:gnutls:1.1.19
  • GNU GnuTLS 1.1.20
    cpe:2.3:a:gnu:gnutls:1.1.20
  • GNU GnuTLS 1.1.21
    cpe:2.3:a:gnu:gnutls:1.1.21
  • GNU GnuTLS 1.1.22
    cpe:2.3:a:gnu:gnutls:1.1.22
  • GNU GnuTLS 1.1.23
    cpe:2.3:a:gnu:gnutls:1.1.23
  • GNU GnuTLS 1.2.0
    cpe:2.3:a:gnu:gnutls:1.2.0
  • GNU GnuTLS 1.2.1
    cpe:2.3:a:gnu:gnutls:1.2.1
  • GNU GnuTLS 1.2.2
    cpe:2.3:a:gnu:gnutls:1.2.2
  • GNU GnuTLS 1.2.3
    cpe:2.3:a:gnu:gnutls:1.2.3
  • GNU GnuTLS 1.2.4
    cpe:2.3:a:gnu:gnutls:1.2.4
  • GNU GnuTLS 1.2.5
    cpe:2.3:a:gnu:gnutls:1.2.5
  • GNU GnuTLS 1.2.6
    cpe:2.3:a:gnu:gnutls:1.2.6
  • GNU GnuTLS 1.2.7
    cpe:2.3:a:gnu:gnutls:1.2.7
  • GNU GnuTLS 1.2.8
    cpe:2.3:a:gnu:gnutls:1.2.8
  • GNU GnuTLS 1.2.8.1a1
    cpe:2.3:a:gnu:gnutls:1.2.8.1a1
  • GNU GnuTLS 1.2.9
    cpe:2.3:a:gnu:gnutls:1.2.9
  • GNU GnuTLS 1.2.10
    cpe:2.3:a:gnu:gnutls:1.2.10
  • GNU GnuTLS 1.2.11
    cpe:2.3:a:gnu:gnutls:1.2.11
  • GNU GnuTLS 1.3.0
    cpe:2.3:a:gnu:gnutls:1.3.0
  • GNU GnuTLS 1.3.1
    cpe:2.3:a:gnu:gnutls:1.3.1
  • GNU GnuTLS 1.3.2
    cpe:2.3:a:gnu:gnutls:1.3.2
  • GNU GnuTLS 1.3.3
    cpe:2.3:a:gnu:gnutls:1.3.3
  • GNU GnuTLS 1.3.4
    cpe:2.3:a:gnu:gnutls:1.3.4
  • GNU GnuTLS 1.3.5
    cpe:2.3:a:gnu:gnutls:1.3.5
  • GNU GnuTLS 1.4.0
    cpe:2.3:a:gnu:gnutls:1.4.0
  • GNU GnuTLS 1.4.1
    cpe:2.3:a:gnu:gnutls:1.4.1
  • GNU GnuTLS 1.4.2
    cpe:2.3:a:gnu:gnutls:1.4.2
  • GNU GnuTLS 1.4.3
    cpe:2.3:a:gnu:gnutls:1.4.3
  • GNU GnuTLS 1.4.4
    cpe:2.3:a:gnu:gnutls:1.4.4
  • GNU GnuTLS 1.4.5
    cpe:2.3:a:gnu:gnutls:1.4.5
  • GNU GnuTLS 1.5.0
    cpe:2.3:a:gnu:gnutls:1.5.0
  • GNU GnuTLS 1.5.1
    cpe:2.3:a:gnu:gnutls:1.5.1
  • GNU GnuTLS 1.5.2
    cpe:2.3:a:gnu:gnutls:1.5.2
  • GNU GnuTLS 1.5.3
    cpe:2.3:a:gnu:gnutls:1.5.3
  • GNU GnuTLS 1.5.4
    cpe:2.3:a:gnu:gnutls:1.5.4
  • GNU GnuTLS 1.5.5
    cpe:2.3:a:gnu:gnutls:1.5.5
  • GNU GnuTLS 1.6.0
    cpe:2.3:a:gnu:gnutls:1.6.0
  • GNU GnuTLS 1.6.1
    cpe:2.3:a:gnu:gnutls:1.6.1
  • GNU GnuTLS 1.6.2
    cpe:2.3:a:gnu:gnutls:1.6.2
  • GNU GnuTLS 1.6.3
    cpe:2.3:a:gnu:gnutls:1.6.3
  • GNU GnuTLS 1.7.0
    cpe:2.3:a:gnu:gnutls:1.7.0
  • GNU GnuTLS 1.7.1
    cpe:2.3:a:gnu:gnutls:1.7.1
  • GNU GnuTLS 1.7.2
    cpe:2.3:a:gnu:gnutls:1.7.2
  • GNU GnuTLS 1.7.3
    cpe:2.3:a:gnu:gnutls:1.7.3
  • GNU GnuTLS 1.7.4
    cpe:2.3:a:gnu:gnutls:1.7.4
  • GNU GnuTLS 1.7.5
    cpe:2.3:a:gnu:gnutls:1.7.5
  • GNU GnuTLS 1.7.6
    cpe:2.3:a:gnu:gnutls:1.7.6
  • GNU GnuTLS 1.7.7
    cpe:2.3:a:gnu:gnutls:1.7.7
  • GNU GnuTLS 1.7.8
    cpe:2.3:a:gnu:gnutls:1.7.8
  • GNU GnuTLS 1.7.9
    cpe:2.3:a:gnu:gnutls:1.7.9
  • GNU GnuTLS 1.7.10
    cpe:2.3:a:gnu:gnutls:1.7.10
  • GNU GnuTLS 1.7.11
    cpe:2.3:a:gnu:gnutls:1.7.11
  • GNU GnuTLS 1.7.12
    cpe:2.3:a:gnu:gnutls:1.7.12
  • GNU GnuTLS 1.7.13
    cpe:2.3:a:gnu:gnutls:1.7.13
  • GNU GnuTLS 1.7.14
    cpe:2.3:a:gnu:gnutls:1.7.14
  • GNU GnuTLS 1.7.15
    cpe:2.3:a:gnu:gnutls:1.7.15
  • GNU GnuTLS 1.7.16
    cpe:2.3:a:gnu:gnutls:1.7.16
  • GNU GnuTLS 1.7.17
    cpe:2.3:a:gnu:gnutls:1.7.17
  • GNU GnuTLS 1.7.18
    cpe:2.3:a:gnu:gnutls:1.7.18
  • GNU GnuTLS 1.7.19
    cpe:2.3:a:gnu:gnutls:1.7.19
  • GNU GnuTLS 2.0.0
    cpe:2.3:a:gnu:gnutls:2.0.0
  • GNU GnuTLS 2.0.1
    cpe:2.3:a:gnu:gnutls:2.0.1
  • GNU GnuTLS 2.0.2
    cpe:2.3:a:gnu:gnutls:2.0.2
  • GNU GnuTLS 2.0.3
    cpe:2.3:a:gnu:gnutls:2.0.3
  • GNU GnuTLS 2.0.4
    cpe:2.3:a:gnu:gnutls:2.0.4
  • GNU GnuTLS 2.1.0
    cpe:2.3:a:gnu:gnutls:2.1.0
  • GNU GnuTLS 2.1.1
    cpe:2.3:a:gnu:gnutls:2.1.1
  • GNU GnuTLS 2.1.2
    cpe:2.3:a:gnu:gnutls:2.1.2
  • GNU GnuTLS 2.1.3
    cpe:2.3:a:gnu:gnutls:2.1.3
  • GNU GnuTLS 2.1.4
    cpe:2.3:a:gnu:gnutls:2.1.4
  • GNU GnuTLS 2.1.5
    cpe:2.3:a:gnu:gnutls:2.1.5
  • GNU GnuTLS 2.1.6
    cpe:2.3:a:gnu:gnutls:2.1.6
  • GNU GnuTLS 2.1.7
    cpe:2.3:a:gnu:gnutls:2.1.7
  • GNU GnuTLS 2.1.8
    cpe:2.3:a:gnu:gnutls:2.1.8
  • GNU GnuTLS 2.2.0
    cpe:2.3:a:gnu:gnutls:2.2.0
  • GNU GnuTLS 2.2.1
    cpe:2.3:a:gnu:gnutls:2.2.1
  • GNU GnuTLS 2.2.2
    cpe:2.3:a:gnu:gnutls:2.2.2
  • GNU GnuTLS 2.2.3
    cpe:2.3:a:gnu:gnutls:2.2.3
  • GNU GnuTLS 2.2.4
    cpe:2.3:a:gnu:gnutls:2.2.4
  • GNU GnuTLS 2.2.5
    cpe:2.3:a:gnu:gnutls:2.2.5
  • GNU GnuTLS 2.3.0
    cpe:2.3:a:gnu:gnutls:2.3.0
  • GNU GnuTLS 2.3.1
    cpe:2.3:a:gnu:gnutls:2.3.1
  • GNU GnuTLS 2.3.2
    cpe:2.3:a:gnu:gnutls:2.3.2
  • GNU GnuTLS 2.3.3
    cpe:2.3:a:gnu:gnutls:2.3.3
  • GNU GnuTLS 2.3.4
    cpe:2.3:a:gnu:gnutls:2.3.4
  • GNU GnuTLS 2.3.5
    cpe:2.3:a:gnu:gnutls:2.3.5
  • GNU GnuTLS 2.3.6
    cpe:2.3:a:gnu:gnutls:2.3.6
  • GNU GnuTLS 2.3.7
    cpe:2.3:a:gnu:gnutls:2.3.7
  • GNU GnuTLS 2.3.8
    cpe:2.3:a:gnu:gnutls:2.3.8
  • GNU GnuTLS 2.3.9
    cpe:2.3:a:gnu:gnutls:2.3.9
  • GNU GnuTLS 2.3.10
    cpe:2.3:a:gnu:gnutls:2.3.10
  • GNU GnuTLS 2.3.11
    cpe:2.3:a:gnu:gnutls:2.3.11
  • GNU GnuTLS 2.4.0
    cpe:2.3:a:gnu:gnutls:2.4.0
  • GNU GnuTLS 2.4.1
    cpe:2.3:a:gnu:gnutls:2.4.1
  • GNU GnuTLS 2.4.2
    cpe:2.3:a:gnu:gnutls:2.4.2
  • GNU GnuTLS 2.5.0
    cpe:2.3:a:gnu:gnutls:2.5.0
  • GNU GnuTLS 2.6.0
    cpe:2.3:a:gnu:gnutls:2.6.0
  • GNU GnuTLS 2.6.1
    cpe:2.3:a:gnu:gnutls:2.6.1
  • GNU GnuTLS 2.6.2
    cpe:2.3:a:gnu:gnutls:2.6.2
  • GNU GnuTLS 2.6.3
    cpe:2.3:a:gnu:gnutls:2.6.3
  • GNU GnuTLS 2.7.4
    cpe:2.3:a:gnu:gnutls:2.7.4
CVSS
Base: 5.1 (as of 31-07-2009 - 08:59)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-809-1.NASL
    description Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730) Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409) USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accomodate sites which must still use a deprected RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations. Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 40656
    published 2009-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40656
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gnutls12, gnutls13, gnutls26 vulnerabilities (USN-809-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0008.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 79532
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79532
    title OracleVM 3.2 : onpenssl (OVMSA-2014-0008)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009.NASL
    description a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su 'do') allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 46765
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46765
    title VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
  • NASL family Web Servers
    NASL id OPENSSL_0_9_8L.NASL
    description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8l. As such, it may be affected by multiple vulnerabilities : - A remote attacker could crash the server by sending malformed ASN.1 data. This flaw only affects some architectures, Win64 and other unspecified platforms. (CVE-2009-0789) - A remote attacker could saturate the server by sending a big number of 'future epoch' DTLS records. (CVE-2009-1377) - A remote attacker could saturate the server by sending duplicate DTLS records, or DTLS records with too big sequence numbers. (CVE-2009-1378) - A remote attacker could spoof certificates by computing MD2 hash collisions. (CVE-2009-2409)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 17765
    published 2012-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17765
    title OpenSSL < 0.9.8l Multiple Vulnerabilities
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0019.NASL
    description a. Service Console update for samba The service console package samba is updated to version 3.0.9-1.3E.18. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-3069 to this issue. b. Service Console update for bzip2 The service console package bzip2 is updated to version 1.0.2-14.EL3 in ESX 3.x and version 1.0.3-6 in ESX 4.x. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0405 to this issue. c. Service Console update for OpenSSL The service console package openssl updated to version 0.9.7a-33.26. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-2409 and CVE-2009-3555 to the issues addressed in this update.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 51077
    published 2010-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51077
    title VMSA-2010-0019 : VMware ESX third-party updates for Service Console
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 89740
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89740
    title VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0166.NASL
    description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. GnuTLS now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-12-20
    plugin id 46277
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46277
    title RHEL 5 : gnutls (RHSA-2010:0166)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100325_GNUTLS_ON_SL4_X.NASL
    description CVE-2009-3555 TLS: MITM attacks via session renegotiation CVE-2010-0731 gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1] A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. GnuTLS now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) SL5 Only A flaw was found in the way GnuTLS extracted serial numbers from X.509 certificates. On 64-bit big endian platforms, this flaw could cause the certificate revocation list (CRL) check to be bypassed; cause various GnuTLS utilities to crash; or, possibly, execute arbitrary code. (CVE-2010-0731) SL4 Only For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60752
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60752
    title Scientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0163.NASL
    description Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590) Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-12-20
    plugin id 46274
    published 2010-05-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46274
    title RHEL 3 / 4 : openssl (RHSA-2010:0163)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0163.NASL
    description Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590) Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 45346
    published 2010-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45346
    title CentOS 3 / 4 : openssl (CESA-2010:0163)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-084.NASL
    description Multiple Java OpenJDK security vulnerabilities has been identified and fixed : - TLS: MITM attacks via session renegotiation (CVE-2009-3555). - Loader-constraint table allows arrays instead of only the b ase-classes (CVE-2010-0082). - Policy/PolicyFile leak dynamic ProtectionDomains. (CVE-2010-0084). - File TOCTOU deserialization vulnerability (CVE-2010-0085). - Inflater/Deflater clone issues (CVE-2010-0088). - Unsigned applet can retrieve the dragged information before drop action occurs (CVE-2010-0091). - AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (CVE-2010-0092). - System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (CVE-2010-0093). - Deserialization of RMIConnectionImpl objects should enforce stricter checks (CVE-2010-0094). - Subclasses of InetAddress may incorrectly interpret network addresses (CVE-2010-0095). - JAR unpack200 must verify input parameters (CVE-2010-0837). - CMM readMabCurveData Buffer Overflow Vulnerability (CVE-2010-0838). - Applet Trusted Methods Chaining Privilege Escalation Vulnerability (CVE-2010-0840). - No ClassCastException for HashAttributeSet constructors if run with -Xcomp (CVE-2010-0845) - ImagingLib arbitrary code execution vulnerability (CVE-2010-0847). - AWT Library Invalid Index Vulnerability (CVE-2010-0848). Additional security issues that was fixed with IcedTea6 1.6.2 : - deprecate MD2 in SSL cert validation (CVE-2009-2409). - ICC_Profile file existence detection information leak (CVE-2009-3728). - JRE AWT setDifflCM stack overflow (CVE-2009-3869). - JRE AWT setBytePixels heap overflow (CVE-2009-3871). - JPEG Image Writer quantization problem (CVE-2009-3873). - ImageI/O JPEG heap overflow (CVE-2009-3874). - MessageDigest.isEqual introduces timing attack vulnerabilities (CVE-2009-3875). - OpenJDK ASN.1/DER input stream parser denial of service (CVE-2009-3876, CVE-2009-3877) - GraphicsConfiguration information leak (CVE-2009-3879). - UI logging information leakage (CVE-2009-3880). - resurrected classloaders can still have children (CVE-2009-3881). - Numerous static security flaws in Swing (findbugs) (CVE-2009-3882). - Mutable statics in Windows PL&F (findbugs) (CVE-2009-3883). - zoneinfo file existence information leak (CVE-2009-3884). - BMP parsing DoS with UNC ICC links (CVE-2009-3885). Additionally Paulo Cesar Pereira de Andrade (pcpa) at Mandriva found and fixed a bug in IcedTea6 1.8 that is also applied to the provided packages : - plugin/icedteanp/IcedTeaNPPlugin.cc (plugin_filter_environment): Increment malloc size by one to account for NULL terminator. Bug# 474. Packages for 2009.0 are provided due to the Extended Maintenance Program.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 46176
    published 2010-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46176
    title Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2010:084)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0166.NASL
    description From Red Hat Security Advisory 2010:0166 : Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. GnuTLS now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68020
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68020
    title Oracle Linux 5 : gnutls (ELSA-2010-0166)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1888.NASL
    description Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they're no longer considered cryptographically secure.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 44753
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44753
    title Debian DSA-1888-1 : openssl, openssl097 - cryptographic weakness
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-310.NASL
    description Multiple security vulnerabilities has been identified and fixed in OpenSSL : The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate (CVE-2009-1379). ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386). The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large (CVE-2009-2409). A regression was found with the self signed certificate signatures checking after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers The updated packages have been patched to prevent this.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 42996
    published 2009-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42996
    title Mandriva Linux Security Advisory : openssl (MDVSA-2009:310)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200912-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200912-01 (OpenSSL: Multiple vulnerabilities) Multiple vulnerabilities have been reported in OpenSSL: Marsh Ray of PhoneFactor and Martin Rex of SAP independently reported that the TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). The MD2 hash algorithm is no longer considered to be cryptographically strong, as demonstrated by Dan Kaminsky. Certificates using this algorithm are no longer accepted (CVE-2009-2409). Daniel Mentz and Robin Seggelmann reported the following vulnerabilities related to DTLS: A use-after-free flaw (CVE-2009-1379) and a NULL pointer dereference (CVE-2009-1387) in the dtls1_retrieve_buffered_fragment() function in src/d1_both.c, multiple memory leaks in the dtls1_process_out_of_seq_message() function in src/d1_both.c (CVE-2009-1378), and a processing error related to a large amount of DTLS records with a future epoch in the dtls1_buffer_record() function in ssl/d1_pkt.c (CVE-2009-1377). Impact : A remote unauthenticated attacker, acting as a Man in the Middle, could inject arbitrary plain text into a TLS session, possibly leading to the ability to send requests as if authenticated as the victim. A remote attacker could furthermore send specially crafted DTLS packages to a service using OpenSSL for DTLS support, possibly resulting in a Denial of Service. Also, a remote attacker might be able to create rogue certificates, facilitated by a MD2 collision. NOTE: The amount of computation needed for this attack is still very large. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 42968
    published 2009-12-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42968
    title GLSA-200912-01 : OpenSSL: Multiple vulnerabilities
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0019_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - bzip2 - Network Security Services (NSS) Library - OpenSSL - Samba
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 89745
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89745
    title VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0015.NASL
    description a. Service Console update for NSS_db The service console package NSS_db is updated to version nss_db-2.2-35.4.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0826 to this issue. b. Service Console update for OpenLDAP The service console package OpenLDAP updated to version 2.3.43-12.el5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-3767 to this issue. c. Service Console update for cURL The service console packages for cURL updated to version 7.15.5-9.el5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-0734 to this issue. d. Service Console update for sudo The service console package sudo updated to version 1.7.2p1-7.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1646 to this issue. e. Service Console update for OpenSSL, GnuTLS, NSS and NSPR Service Console updates for OpenSSL to version 097a-0.9.7a-9.el5_4.2 and version 0.9.8e-12.el5_4.6, GnuTLS to version 1.4.1-3.el5_4.8, and NSS to version 3.12.6-1.3235.vmw and NSPR to version 4.8.4-1.3235.vmw. These four updates are bundled together due to their mutual dependencies. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3555, CVE-2009-2409, CVE-2009-3245 and CVE-2010-0433 to the issues addressed in this update.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 49703
    published 2010-10-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49703
    title VMSA-2010-0015 : VMware ESX third-party updates for Service Console
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200911-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 42834
    published 2009-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42834
    title GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-238.NASL
    description Multiple vulnerabilities was discovered and corrected in openssl : Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate (CVE-2009-1379). ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386). The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large (CVE-2009-2409). This update provides a solution to these vulnerabilities.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 41030
    published 2009-09-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41030
    title Mandriva Linux Security Advisory : openssl (MDVSA-2009:238)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0015_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Berkeley DB NSS module - cURL / libcURL - GnuTLS - Network Security Services (NSS) Library - OpenLDAP - OpenSSL - OpenSSL Kerberos - sudo
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 89742
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89742
    title VMware ESX Multiple Vulnerabilities (VMSA-2010-0015) (remote check)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-258.NASL
    description A regression was found with the self signed certificate signatures checking after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 42062
    published 2009-10-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42062
    title Mandriva Linux Security Advisory : openssl (MDVSA-2009:258)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1184.NASL
    description Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide a fix for the following bug : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced 'Error Code: -12271' and stated that establishing an encrypted connection had failed because the certificate had been rejected by the host. On the server side, the nss_error_log under /var/log/httpd/ contained the following message : [error] Re-negotiation handshake failed: Not accepted by client!? Also, /var/log/httpd/error_log contained this error : SSL Library Error: -8071 The OCSP server experienced an internal error With these updated packages, the dependency problem which caused this failure has been resolved so that SSL client authentication with an Apache web server using mod_nss which is configured for NSSOCSP succeeds as expected. Note that if the presented client certificate is expired, then access is denied, the user agent is presented with an error message about the invalid certificate, and the OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for SSL server certificates used in Apache upon instance start or restart. (BZ#508027) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 40439
    published 2009-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40439
    title RHEL 4 : nspr and nss (RHSA-2009:1184)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0166.NASL
    description Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. GnuTLS now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 45365
    published 2010-03-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=45365
    title CentOS 5 : gnutls (CESA-2010:0166)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0163.NASL
    description From Red Hat Security Advisory 2010:0163 : Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590) Note: The affected function is rarely used. No application shipped with Red Hat Enterprise Linux calls this function, for example. All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68017
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68017
    title Oracle Linux 3 / 4 : openssl (ELSA-2010-0163)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1571.NASL
    description Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884) Note: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. The next update will remove the java-1.5.0-sun packages. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Extras and Supplementary channels on the Red Hat Network. For users of applications that are capable of using the Java 6 runtime, the OpenJDK open source JDK is included in Red Hat Enterprise Linux 5 (since 5.3) and is supported by Red Hat. Users of java-1.5.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 42455
    published 2009-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42455
    title RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1584.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 67075
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67075
    title CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0054.NASL
    description From Red Hat Security Advisory 2010:0054 : Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355) Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 67989
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67989
    title Oracle Linux 5 : openssl (ELSA-2010-0054)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0054.NASL
    description Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355) Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 44097
    published 2010-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44097
    title CentOS 5 : openssl (CESA-2010:0054)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-810-1.NASL
    description Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 40490
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40490
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090731_NSPR_AND_NSS_FOR_SL_5_X.NASL
    description CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2404 nss regexp heap overflow The packages with this update are identical to the packages released on the 20th of July 2009. They are being reissued as a Security Advisory as they fixed a number of security issues that were made public today. If you are installing these packages for the first time, they also provide a number of bug fixes and add an enhancement. Since the packages are identical, there is no need to install this update if the nspr/nss packages from July 20, 2009 have already been installed. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60632
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60632
    title Scientific Linux Security Update : nspr and nss for SL 5.x on i386/x86_64
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0001_REMOTE.NASL
    description The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - Network Security Services (NSS) - NetScape Portable Runtime (NSPR)
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 89735
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89735
    title VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1432.NASL
    description From Red Hat Security Advisory 2009:1432 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076) A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67924
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67924
    title Oracle Linux 3 : seamonkey (ELSA-2009-1432)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-239.NASL
    description Multiple vulnerabilities was discovered and corrected in openssl : Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate (CVE-2009-1379). The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large (CVE-2009-2409). This update provides a solution to these vulnerabilities.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 48153
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48153
    title Mandriva Linux Security Advisory : openssl (MDVSA-2009:239)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1431.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076) A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 40922
    published 2009-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40922
    title RHEL 4 : seamonkey (RHSA-2009:1431)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1431.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076) A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 40933
    published 2009-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40933
    title CentOS 4 : seamonkey (CESA-2009:1431)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-11489.NASL
    description Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-08
    plugin id 42805
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42805
    title Fedora 12 : java-1.6.0-openjdk-1.6.0.0-33.b16.fc12 (2009-11489)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_JAVA-1_6_0-OPENJDK-091127.NASL
    description New icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 42926
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42926
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1584.NASL
    description From Red Hat Security Advisory 2009:1584 : Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2016-12-07
    plugin id 67960
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67960
    title Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1584)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-810-2.NASL
    description USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 40491
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40491
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : nspr update (USN-810-2)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-197.NASL
    description Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 40522
    published 2009-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40522
    title Mandriva Linux Security Advisory : nss (MDVSA-2009:197-3)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_JAVA-1_6_0-OPENJDK-091125.NASL
    description New icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 42921
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42921
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-11490.NASL
    description Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-08
    plugin id 42806
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42806
    title Fedora 10 : java-1.6.0-openjdk-1.6.0.0-23.b16.fc10 (2009-11490)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1207.NASL
    description Updated nspr and nss packages that fix security issues are now available for Red Hat Enterprise Linux 5.2 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 63889
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63889
    title RHEL 5 : nspr and nss (RHSA-2009:1207)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1184.NASL
    description From Red Hat Security Advisory 2009:1184 : Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide a fix for the following bug : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced 'Error Code: -12271' and stated that establishing an encrypted connection had failed because the certificate had been rejected by the host. On the server side, the nss_error_log under /var/log/httpd/ contained the following message : [error] Re-negotiation handshake failed: Not accepted by client!? Also, /var/log/httpd/error_log contained this error : SSL Library Error: -8071 The OCSP server experienced an internal error With these updated packages, the dependency problem which caused this failure has been resolved so that SSL client authentication with an Apache web server using mod_nss which is configured for NSSOCSP succeeds as expected. Note that if the presented client certificate is expired, then access is denied, the user agent is presented with an error message about the invalid certificate, and the OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for SSL server certificates used in Apache upon instance start or restart. (BZ#508027) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-01-16
    modified 2016-12-07
    plugin id 67902
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67902
    title Oracle Linux 4 / 5 : nspr / nss (ELSA-2009-1184)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100325_OPENSSL_ON_SL3_X.NASL
    description A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555) Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491 Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) An input validation flaw was found in the handling of the BMPString and UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex() function. An attacker could use this flaw to create a specially crafted X.509 certificate that could cause applications using the affected function to crash when printing certificate contents. (CVE-2009-0590) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60758
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60758
    title Scientific Linux Security Update : openssl on SL3.x, SL4.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1186.NASL
    description Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The packages with this update are identical to the packages released by RHBA-2009:1161 on the 20th of July 2009. They are being reissued as a Red Hat Security Advisory as they fixed a number of security issues that were made public today. If you are installing these packages for the first time, they also provide a number of bug fixes and add an enhancement, as detailed in RHBA-2009:1161. Since the packages are identical, there is no need to install this update if RHBA-2009:1161 has already been installed. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues and add an enhancement.
    last seen 2019-01-16
    modified 2018-12-20
    plugin id 40441
    published 2009-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40441
    title RHEL 5 : nspr and nss (RHSA-2009:1186)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1190.NASL
    description Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide fixes for the following bugs : * SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced 'Error Code: -12271' and stated that establishing an encrypted connection had failed because the certificate had been rejected by the host. On the server side, the nss_error_log under /var/log/httpd/ contained the following message : [error] Re-negotiation handshake failed: Not accepted by client!? Also, /var/log/httpd/error_log contained this error : SSL Library Error: -8071 The OCSP server experienced an internal error With these updated packages, the dependency problem which caused this failure has been resolved so that SSL client authentication with an Apache web server using mod_nss which is configured for NSSOCSP succeeds as expected. Note that if the presented client certificate is expired, then access is denied, the user agent is presented with an error message about the invalid certificate, and the OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for SSL server certificates used in Apache upon instance start or restart. (BZ#508026) * NSS uses a software integrity test to detect code corruption. RPM transactions and system link optimization daemons (such as prelink) can change the contents of libraries, causing the software integrity test to fail. In combination with the updated prelink package (RHBA-2009:1041), these updated packages can now prevent software integrity test failures. (BZ#495938) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 63888
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63888
    title RHEL 4 : nspr and nss (RHSA-2009:1190)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1431.NASL
    description From Red Hat Security Advisory 2009:1431 : Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076) A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67923
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67923
    title Oracle Linux 4 : seamonkey (ELSA-2009-1431)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15663.NASL
    description The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. CVE-2009-2409
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 78200
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78200
    title F5 Networks BIG-IP : MD2 Message-Digest Algorithm vulnerability (SOL15663)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-830-1.NASL
    description Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 40981
    published 2009-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40981
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : openssl vulnerability (USN-830-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1432.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076) A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 40934
    published 2009-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40934
    title CentOS 3 : seamonkey (CESA-2009:1432)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1874.NASL
    description Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code. - CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate. - CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 44739
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44739
    title Debian DSA-1874-1 : nss - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-091125.NASL
    description New icedtea update to fix : - ICC_Profile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 - Numerous static security flaws in Swing; CVE-2009-3882: CVSS v2 Base Score: 7.5 - Mutable statics in Windows PL&F; CVE-2009-3883: CVSS v2 Base Score: 7.5 - UI logging information leakage; CVE-2009-3880: CVSS v2 Base Score: 5.0 - GraphicsConfiguration information leak; CVE-2009-3879: CVSS v2 Base Score: 7.5 - zoneinfo file existence information leak; CVE-2009-3884: CVSS v2 Base Score: 5.0 - deprecate MD2 in SSL cert validation; CVE-2009-2409: CVSS v2 Base Score: 6.4 - JPEG Image Writer quantization problem; CVE-2009-3873: CVSS v2 Base Score: 9.3 - MessageDigest.isEqual introduces timing attack vulnerabilities; CVE-2009-3875: CVSS v2 Base Score: 5.0 - OpenJDK ASN.1/DER input stream parser denial of service; CVE-2009-3876,CVE-2009-3877: CVSS v2 Base Score: 5.0 - JRE AWT setDifflCM stack overflow; CVE-2009-3869: CVSS v2 Base Score: 9.3 - ImageI/O JPEG heap overflow; CVE-2009-3874: CVSS v2 Base Score: 9.3 - JRE AWT setBytePixels heap overflow; CVE-2009-3871: CVSS v2 Base Score: 9.3
    last seen 2019-01-16
    modified 2016-12-21
    plugin id 42923
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42923
    title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090909_SEAMONKEY_ON_SL3_X.NASL
    description CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2654 firefox: URL bar spoofing vulnerability CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine crashes CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal CVE-2009-3077 Firefox 3.5.3 3.0.14 TreeColumns dangling pointer vulnerability Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076) A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60665
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60665
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0001.NASL
    description a. Update for Service Console packages nss and nspr Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 43826
    published 2010-01-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43826
    title VMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-810-3.NASL
    description USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem. We apologize for the inconvenience. Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 65117
    published 2013-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65117
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1432.NASL
    description Updated SeaMonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3072, CVE-2009-3075) A use-after-free flaw was found in SeaMonkey. An attacker could use this flaw to crash SeaMonkey or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3077) Dan Kaminsky discovered flaws in the way browsers such as SeaMonkey handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by SeaMonkey, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse SeaMonkey into accepting it by mistake. (CVE-2009-2408) Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user's machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2009-3076) A flaw was found in the way SeaMonkey displays the address bar when window.open() is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. (CVE-2009-2654) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS (provided by SeaMonkey) now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 40923
    published 2009-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40923
    title RHEL 3 : seamonkey (RHSA-2009:1432)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-859-1.NASL
    description Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. (CVE-2009-2409) It was discovered that ICC profiles could be identified with '..' pathnames. If a user were tricked into running a specially crafted applet, a remote attacker could gain information about a local system. (CVE-2009-3728) Peter Vreugdenhil discovered multiple flaws in the processing of graphics in the AWT library. If a user were tricked into running a specially crafted applet, a remote attacker could crash the application or run arbitrary code with user privileges. (CVE-2009-3869, CVE-2009-3871) Multiple flaws were discovered in JPEG and BMP image handling. If a user were tricked into loading a specially crafted image, a remote attacker could crash the application or run arbitrary code with user privileges. (CVE-2009-3873, CVE-2009-3874, CVE-2009-3885) Coda Hale discovered that HMAC-based signatures were not correctly validated. Remote attackers could bypass certain forms of authentication, granting unexpected access. (CVE-2009-3875) Multiple flaws were discovered in ASN.1 parsing. A remote attacker could send a specially crafted HTTP stream that would exhaust system memory and lead to a denial of service. (CVE-2009-3876, CVE-2009-3877) It was discovered that the graphics configuration subsystem did not correctly handle arrays. If a user were tricked into running a specially crafted applet, a remote attacker could exploit this to crash the application or execute arbitrary code with user privileges. (CVE-2009-3879) It was discovered that loggers and Swing did not correctly handle certain sensitive objects. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2009-3880, CVE-2009-3882, CVE-2009-3883) It was discovered that the ClassLoader did not correctly handle certain options. If a user were tricked into running a specially crafted applet, a remote attacker could execute arbitrary code with user privileges. (CVE-2009-3881) It was discovered that time zone file loading could be used to determine the existence of files on the local system. If a user were tricked into running a specially crafted applet, private information could be leaked to a remote attacker, leading to a loss of privacy. (CVE-2009-3884). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 42817
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42817
    title Ubuntu 8.10 / 9.04 / 9.10 : openjdk-6 vulnerabilities (USN-859-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1584.NASL
    description Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE) contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws were found in the way the JRE processed image files. An untrusted applet or application could use these flaws to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874) An information leak was found in the JRE. An untrusted applet or application could use this flaw to extend its privileges, allowing it to read and write local files, as well as to execute local applications with the privileges of the user running the applet or application. (CVE-2009-3881) It was discovered that the JRE still accepts certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by the JRE. With this update, the JRE disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) A timing attack flaw was found in the way the JRE processed HMAC digests. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2009-3875) Two denial of service flaws were found in the JRE. These could be exploited in server-side application scenarios that process DER-encoded (Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877) An information leak was found in the way the JRE handled color profiles. An attacker could use this flaw to discover the existence of files outside of the color profiles directory. (CVE-2009-3728) A flaw in the JRE with passing arrays to the X11GraphicsDevice API was found. An untrusted applet or application could use this flaw to access and modify the list of supported graphics configurations. This flaw could also lead to sensitive information being leaked to unprivileged code. (CVE-2009-3879) It was discovered that the JRE passed entire objects to the logging API. This could lead to sensitive information being leaked to either untrusted or lower-privileged code from an attacker-controlled applet which has access to the logging API and is therefore able to manipulate (read and/or call) the passed objects. (CVE-2009-3880) Potential information leaks were found in various mutable static variables. These could be exploited in application scenarios that execute untrusted scripting code. (CVE-2009-3882, CVE-2009-3883) An information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the [JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local file system. (CVE-2009-3884) Note: The flaws concerning applets in this advisory, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881 and CVE-2009-3884, can only be triggered in java-1.6.0-openjdk by calling the 'appletviewer' application. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 42828
    published 2009-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42828
    title RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1584)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1560.NASL
    description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886) Users of java-1.6.0-sun should upgrade to these updated packages, which correct these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 42431
    published 2009-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42431
    title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1935.NASL
    description Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. (CVE-2009-2730 ) In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure. It only affects the oldstable distribution (etch).(CVE-2009-2409 )
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 44800
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44800
    title Debian DSA-1935-1 : gnutls13 gnutls26 - several vulnerabilities
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0007.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack (#907589) - fix for CVE-2013-0166 - DoS in OCSP signatures checking (#908052) - enable compression only if explicitly asked for or OPENSSL_DEFAULT_ZLIB environment variable is set (fixes CVE-2012-4929 #857051) - use __secure_getenv everywhere instead of getenv (#839735) - fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686) - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio (#814185) - fix problem with the SGC restart patch that might terminate handshake incorrectly - fix for CVE-2012-0884 - MMA weakness in CMS and PKCS#7 code (#802725) - fix for CVE-2012-1165 - NULL read dereference on bad MIME headers (#802489) - fix for CVE-2011-4108 & CVE-2012-0050 - DTLS plaintext recovery vulnerability and additional DTLS fixes (#771770) - fix for CVE-2011-4109 - double free in policy checks (#771771) - fix for CVE-2011-4576 - uninitialized SSL 3.0 padding (#771775) - fix for CVE-2011-4619 - SGC restart DoS attack (#771780) - add known answer test for SHA2 algorithms (#740866) - make default private key length in certificate Makefile 2048 bits (can be changed with PRIVATE_KEY_BITS setting) (#745410) - fix incorrect return value in parse_yesno (#726593) - added DigiCert CA certificates to ca-bundle (#735819) - added a new section about error states to README.FIPS (#628976) - add missing DH_check_pub_key call when DH key is computed (#698175) - presort list of ciphers available in SSL (#688901) - accept connection in s_server even if getaddrinfo fails (#561260) - point to openssl dgst for list of supported digests (#608639) - fix handling of future TLS versions (#599112) - added VeriSign Class 3 Public Primary Certification Authority - G5 and StartCom Certification Authority certs to ca-bundle (#675671, #617856) - upstream fixes for the CHIL engine (#622003, #671484) - add SHA-2 hashes in SSL_library_init (#676384) - fix CVE-2010-4180 - completely disable code for SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (#659462) - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) - fix CVE-2009-2409 - drop MD2 algorithm from EVP tables (#510197) - fix CVE-2009-4355 - do not leak memory when CRYPTO_cleanup_all_ex_data is called prematurely by application (#546707)
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 79531
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79531
    title OracleVM 2.2 : openssl (OVMSA-2014-0007)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0054.NASL
    description Updated openssl packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355) Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 44063
    published 2010-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44063
    title RHEL 5 : openssl (RHSA-2010:0054)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1662.NASL
    description Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Network Satellite Server 5.1. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Sun Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.1. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the Sun Java 5 Runtime Environment. (CVE-2006-2426, CVE-2008-2086, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1103, CVE-2009-1104, CVE-2009-1107, CVE-2009-2409, CVE-2009-2475, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-3728, CVE-2009-3873, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884) Note: This is the final update for the java-1.5.0-sun packages, as the Sun Java SE Release family 5.0 has now reached End of Service Life. An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of the IBM Developer Kit for Linux, which is available from the Satellite 5.1 channels on the Red Hat Network. For a long term solution, Red Hat advises users to switch from Sun Java SE 5.0 to the Java 2 Technology Edition of the IBM Developer Kit for Linux. Refer to the Solution section for instructions. Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to these updated java-1.5.0-sun packages, which resolve these issues. All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-27
    plugin id 53539
    published 2011-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53539
    title RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL
    description CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2404 nss regexp heap overflow Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) These version upgrades also provide a fix for the following bug : - SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced 'Error Code : - -12271' and stated that establishing an encrypted connection had failed because the certificate had been rejected by the host. On the server side, the nss_error_log under /var/log/httpd/ contained the following message : [error] Re-negotiation handshake failed: Not accepted by client!? Also, /var/log/httpd/error_log contained this error : SSL Library Error: -8071 The OCSP server experienced an internal error With these updated packages, the dependency problem which caused this failure has been resolved so that SSL client authentication with an Apache web server using mod_nss which is configured for NSSOCSP succeeds as expected. Note that if the presented client certificate is expired, then access is denied, the user agent is presented with an error message about the invalid certificate, and the OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for SSL server certificates used in Apache upon instance start or restart. (BZ#508027)
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60631
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60631
    title Scientific Linux Security Update : nspr and nss for SL 4.x on i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20091109_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503) CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357) CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358) CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643) CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533) CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650) CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138) CVE-2009-3880 OpenJDK UI logging information leakage(6664512) CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057) CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) CVE-2009-3729 JRE TrueType font parsing crash (6815780) CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969) CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets with signed Jar files (6870531) CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752) CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824) CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303) CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970) This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the 'Advance notification of Security Updates for Java SE' page from Sun Microsystems, listed in the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886) All running instances of Sun Java must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60691
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60691
    title Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100119_OPENSSL_ON_SL5_X.NASL
    description CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-4355 openssl significant memory leak in certain SSLv3 requests (DoS) It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init() function after previous calls to the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak for each subsequent SSL connection. This flaw could cause server applications that call those functions during reload, such as a combination of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available memory, resulting in a denial of service. (CVE-2009-4355) Dan Kaminsky found that browsers could accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. OpenSSL now disables the use of the MD2 algorithm inside signatures by default. (CVE-2009-2409) For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 60725
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60725
    title Scientific Linux Security Update : openssl on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-11486.NASL
    description Add latest security patches Bug numbers:510197, 530053, 530057, 530061, 530062, 530063, 530067, 530098, 530173, 530175, 530296, 530297, 530300 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2016-12-08
    plugin id 42802
    published 2009-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42802
    title Fedora 11 : java-1.6.0-openjdk-1.6.0.0-30.b16.fc11 (2009-11486)
oval via4
  • accepted 2013-04-29T04:08:29.245-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
    family unix
    id oval:org.mitre.oval:def:10763
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
    version 25
  • accepted 2014-01-20T04:01:27.467-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
    family unix
    id oval:org.mitre.oval:def:6631
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title Network Security Services Library Supports Certificates With Weak MD2 Hash Signatures
    version 8
  • accepted 2014-01-20T04:01:32.757-05:00
    class vulnerability
    contributors
    • name Varun
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
    family unix
    id oval:org.mitre.oval:def:7155
    status accepted
    submitted 2010-10-04T11:07:15.000-05:00
    title VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
    version 7
  • accepted 2014-01-20T04:01:40.677-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
    family unix
    id oval:org.mitre.oval:def:8594
    status accepted
    submitted 2010-03-18T13:00:53.000-04:00
    title VMware Network Security Services (NSS) certificate spoofing vulnerability by using MD2 design flaw
    version 7
redhat via4
advisories
  • bugzilla
    id 512912
    title CVE-2009-2404 nss regexp heap overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment nss is earlier than 0:3.12.3.99.3-1.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091184002
        • comment nss is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080978005
      • AND
        • comment nss-devel is earlier than 0:3.12.3.99.3-1.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091184004
        • comment nss-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20080978007
      • AND
        • comment nss-tools is earlier than 0:3.12.3.99.3-1.el4_8.2
          oval oval:com.redhat.rhsa:tst:20091184006
        • comment nss-tools is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20090256009
      • AND
        • comment nspr is earlier than 0:4.7.4-1.el4_8.1
          oval oval:com.redhat.rhsa:tst:20091184008
        • comment nspr is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081036009
      • AND
        • comment nspr-devel is earlier than 0:4.7.4-1.el4_8.1
          oval oval:com.redhat.rhsa:tst:20091184010
        • comment nspr-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20081036011
    rhsa
    id RHSA-2009:1184
    released 2009-07-30
    severity Critical
    title RHSA-2009:1184: nspr and nss security and bug fix update (Critical)
  • bugzilla
    id 512912
    title CVE-2009-2404 nss regexp heap overflow
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment nspr is earlier than 0:4.7.4-1.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091186002
        • comment nspr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20081036022
      • AND
        • comment nspr-devel is earlier than 0:4.7.4-1.el5_3.1
          oval oval:com.redhat.rhsa:tst:20091186004
        • comment nspr-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20081036024
      • AND
        • comment nss is earlier than 0:3.12.3.99.3-1.el5_3.2
          oval oval:com.redhat.rhsa:tst:20091186006
        • comment nss is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879012
      • AND
        • comment nss-devel is earlier than 0:3.12.3.99.3-1.el5_3.2
          oval oval:com.redhat.rhsa:tst:20091186010
        • comment nss-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879016
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.12.3.99.3-1.el5_3.2
          oval oval:com.redhat.rhsa:tst:20091186012
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879014
      • AND
        • comment nss-tools is earlier than 0:3.12.3.99.3-1.el5_3.2
          oval oval:com.redhat.rhsa:tst:20091186008
        • comment nss-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879018
    rhsa
    id RHSA-2009:1186
    released 2009-07-30
    severity Critical
    title RHSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical)
  • rhsa
    id RHSA-2009:1207
  • rhsa
    id RHSA-2009:1432
  • rhsa
    id RHSA-2010:0095
rpms
  • nss-0:3.12.3.99.3-1.el4_8.2
  • nss-devel-0:3.12.3.99.3-1.el4_8.2
  • nss-tools-0:3.12.3.99.3-1.el4_8.2
  • nspr-0:4.7.4-1.el4_8.1
  • nspr-devel-0:4.7.4-1.el4_8.1
  • nspr-0:4.7.4-1.el5_3.1
  • nspr-devel-0:4.7.4-1.el5_3.1
  • nss-0:3.12.3.99.3-1.el5_3.2
  • nss-devel-0:3.12.3.99.3-1.el5_3.2
  • nss-pkcs11-devel-0:3.12.3.99.3-1.el5_3.2
  • nss-tools-0:3.12.3.99.3-1.el5_3.2
  • seamonkey-0:1.0.9-0.45.el3
  • seamonkey-chat-0:1.0.9-0.45.el3
  • seamonkey-devel-0:1.0.9-0.45.el3
  • seamonkey-dom-inspector-0:1.0.9-0.45.el3
  • seamonkey-js-debugger-0:1.0.9-0.45.el3
  • seamonkey-mail-0:1.0.9-0.45.el3
  • seamonkey-nspr-0:1.0.9-0.45.el3
  • seamonkey-nspr-devel-0:1.0.9-0.45.el3
  • seamonkey-nss-0:1.0.9-0.45.el3
  • seamonkey-nss-devel-0:1.0.9-0.45.el3
  • java-1.6.0-openjdk-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-demo-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-devel-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-javadoc-1:1.6.0.0-1.7.b09.el5
  • java-1.6.0-openjdk-src-1:1.6.0.0-1.7.b09.el5
  • openssl-0:0.9.8e-12.el5_4.1
  • openssl-devel-0:0.9.8e-12.el5_4.1
  • openssl-perl-0:0.9.8e-12.el5_4.1
  • openssl-0:0.9.7a-33.26
  • openssl-devel-0:0.9.7a-33.26
  • openssl-perl-0:0.9.7a-33.26
  • openssl-0:0.9.7a-43.17.el4_8.5
  • openssl-devel-0:0.9.7a-43.17.el4_8.5
  • openssl-perl-0:0.9.7a-43.17.el4_8.5
  • gnutls-0:1.4.1-3.el5_4.8
  • gnutls-devel-0:1.4.1-3.el5_4.8
  • gnutls-utils-0:1.4.1-3.el5_4.8
refmap via4
apple APPLE-SA-2009-11-09-1
bugtraq 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
confirm
debian
  • DSA-1874
  • DSA-1888
gentoo
  • GLSA-200911-02
  • GLSA-200912-01
mandriva
  • MDVSA-2009:197
  • MDVSA-2009:216
  • MDVSA-2009:258
  • MDVSA-2010:084
mlist
  • [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
  • [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
sectrack 1022631
secunia
  • 36139
  • 36157
  • 36434
  • 36669
  • 36739
  • 37386
  • 42467
ubuntu
  • USN-810-1
  • USN-810-2
vupen
  • ADV-2009-2085
  • ADV-2009-3184
  • ADV-2010-3126
Last major update 07-12-2016 - 22:01
Published 30-07-2009 - 15:30
Last modified 10-10-2018 - 15:40
Back to Top