ID CVE-2013-5605
Summary Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
References
Vulnerable Configurations
  • Mozilla Network Security Services 3.14
    cpe:2.3:a:mozilla:network_security_services:3.14
  • Mozilla Network Security Services 3.14.1
    cpe:2.3:a:mozilla:network_security_services:3.14.1
  • Mozilla Network Security Services 3.14.2
    cpe:2.3:a:mozilla:network_security_services:3.14.2
  • Mozilla Network Security Services 3.14.3
    cpe:2.3:a:mozilla:network_security_services:3.14.3
  • Mozilla Network Security Services 3.14.4
    cpe:2.3:a:mozilla:network_security_services:3.14.4
  • Mozilla Network Security Services 3.15
    cpe:2.3:a:mozilla:network_security_services:3.15
  • Mozilla Network Security Services 3.15.1
    cpe:2.3:a:mozilla:network_security_services:3.15.1
  • Mozilla Network Security Services 3.15.2
    cpe:2.3:a:mozilla:network_security_services:3.15.2
CVSS
Base: 7.5 (as of 30-03-2016 - 14:33)
Impact:
Exploitability:
CWE CWE-20
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Object Relational Mapping Injection
    An attacker leverages a weakness present in the database access layer code generated with an Object Relational Mapping (ORM) tool or a weakness in the way that a developer used a persistence framework to inject his or her own SQL commands to be executed against the underlying database. The attack here is similar to plain SQL injection, except that the application does not use JDBC to directly talk to the database, but instead it uses a data access layer generated by an ORM tool or framework (e.g. Hibernate). While most of the time code generated by an ORM tool contains safe access methods that are immune to SQL injection, sometimes either due to some weakness in the generated code or due to the fact that the developer failed to use the generated access methods properly, SQL injection is still possible.
  • SQL Injection through SOAP Parameter Tampering
    An attacker modifies the parameters of the SOAP message that is sent from the service consumer to the service provider to initiate a SQL injection attack. On the service provider side, the SOAP message is parsed and parameters are not properly validated before being used to access a database in a way that does not use parameter binding, thus enabling the attacker to control the structure of the executed SQL query. This pattern describes a SQL injection attack with the delivery mechanism being a SOAP message.
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • LDAP Injection
    An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Variable Manipulation
    An attacker manipulates variables used by an application to perform a variety of possible attacks. This can either be performed through the manipulation of function call parameters or by manipulating external variables, such as environment variables, that are used by an application. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Embedding Scripts in Non-Script Elements
    This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
  • Flash Injection
    An attacker tricks a victim to execute malicious flash content that executes commands or makes flash calls specified by the attacker. One example of this attack is cross-site flashing, an attacker controlled parameter to a reference call loads from content specified by the attacker.
  • Cross-Site Scripting Using Alternate Syntax
    The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • XML Nested Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
  • XML Oversized Payloads
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • Cross-Site Scripting via Encoded URI Schemes
    An attack of this type exploits the ability of most browsers to interpret "data", "javascript" or other URI schemes as client-side executable content placeholders. This attack consists of passing a malicious URI in an anchor tag HREF attribute or any other similar attributes in other HTML tags. Such malicious URI contains, for example, a base64 encoded HTML content with an embedded cross-site scripting payload. The attack is executed when the browser interprets the malicious content i.e., for example, when the victim clicks on the malicious link.
  • XML Injection
    An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
  • Environment Variable Manipulation
    An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Global variable manipulation
    An attacker manipulates global variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Leverage Alternate Encoding
    This attack leverages the possibility to encode potentially harmful input and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult.
  • Fuzzing
    Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
  • Using Leading 'Ghost' Character Sequences to Bypass Input Filters
    An attacker intentionally introduces leading characters that enable getting the input past the filters. The API that is being targeted, ignores the leading "ghost" characters, and therefore processes the attackers' input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API. Some APIs will strip certain leading characters from a string of parameters. Perhaps these characters are considered redundant, and for this reason they are removed. Another possibility is the parser logic at the beginning of analysis is specialized in some way that causes some characters to be removed. The attacker can specify multiple types of alternative encodings at the beginning of a string as a set of probes. One commonly used possibility involves adding ghost characters--extra characters that don't affect the validity of the request at the API layer. If the attacker has access to the API libraries being targeted, certain attack ideas can be tested directly in advance. Once alternative ghost encodings emerge through testing, the attacker can move from lab-based API testing to testing real-world service implementations.
  • Accessing/Intercepting/Modifying HTTP Cookies
    This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form of this attack involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the attacker to impersonate the remote user/session. The third form is when the cookie's content is modified by the attacker before it is sent back to the server. Here the attacker seeks to convince the target server to operate on this falsified information.
  • Embedding Scripts in HTTP Query Strings
    A variant of cross-site scripting called "reflected" cross-site scripting, the HTTP Query Strings attack consists of passing a malicious script inside an otherwise valid HTTP request query string. This is of significant concern for sites that rely on dynamic, user-generated content such as bulletin boards, news sites, blogs, and web enabled administration GUIs. The malicious script may steal session data, browse history, probe files, or otherwise execute attacks on the client side. Once the attacker has prepared the malicious HTTP query it is sent to a victim user (perhaps by email, IM, or posted on an online forum), who clicks on a normal looking link that contains a poison query string. This technique can be made more effective through the use of services like http://tinyurl.com/, which makes very small URLs that will redirect to very large, complex ones. The victim will not know what he is really clicking on.
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Exploiting Multiple Input Interpretation Layers
    An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • XML Client-Side Attack
    Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
  • Embedding NULL Bytes
    An attacker embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
  • Postfix, Null Terminate, and Backslash
    If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an attacker to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
  • Simple Script Injection
    An attacker embeds malicious scripts in content that will be served to web browsers. The goal of the attack is for the target software, the client-side browser, to execute the script with the users' privilege level. An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute code and scripts. Web browsers, for example, have some simple security controls in place, but if a remote attacker is allowed to execute scripts (through injecting them in to user-generated content like bulletin boards) then these controls may be bypassed. Further, these attacks are very difficult for an end user to detect.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • SQL Injection
    This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. Depending upon the database and the design of the application, it may also be possible to leverage injection to have the database execute system-related commands of the attackers' choice. SQL Injection enables an attacker to talk directly to the database, thus bypassing the application completely. Successful injection can cause information disclosure as well as ability to add or modify data in the database. In order to successfully inject SQL and retrieve information from a database, an attacker:
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
  • Blind SQL Injection
    Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the attacker constructs input strings that probe the target through simple Boolean SQL expressions. The attacker can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the attacker determines how and where the target is vulnerable to SQL Injection. For example, an attacker may try entering something like "username' AND 1=1; --" in an input field. If the result is the same as when the attacker entered "username" in the field, then the attacker knows that the application is vulnerable to SQL Injection. The attacker can then ask yes/no questions from the database server to extract information from it. For example, the attacker can extract table names from a database using the following types of queries: If the above query executes properly, then the attacker knows that the first character in a table name in the database is a letter between m and z. If it doesn't, then the attacker knows that the character must be between a and l (assuming of course that table names only contain alphabetic characters). By performing a binary search on all character positions, the attacker can determine all table names in the database. Subsequently, the attacker may execute an actual attack and send something like:
  • Using Unicode Encoding to Bypass Validation Logic
    An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
  • URL Encoding
    This attack targets the encoding of the URL. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc. The attacker could also subvert the meaning of the URL string request by encoding the data being sent to the server through a GET request. For instance an attacker may subvert the meaning of parameters used in a SQL request and sent through the URL string (See Example section).
  • User-Controlled Filename
    An attack of this type involves an attacker inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
  • Using Escaped Slashes in Alternate Encoding
    This attack targets the use of the backslash in alternate encoding. An attacker can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the attacker tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Using UTF-8 Encoding to Bypass Validation Logic
    This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the "shortest possible" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.
  • Web Logs Tampering
    Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
  • XPath Injection
    An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database. In order to successfully inject XML and retrieve information from a database, an attacker:
  • AJAX Fingerprinting
    This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. In many XSS attacks the attacker must get a "hole in one" and successfully exploit the vulnerability on the victim side the first time, once the client is redirected the attacker has many chances to engage in follow on probes, but there is only one first chance. In a widely used web application this is not a major problem because 1 in a 1,000 is good enough in a widely used application. A common first step for an attacker is to footprint the environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on.
  • Embedding Script (XSS) in HTTP Headers
    An attack of this type exploits web applications that generate web content, such as links in a HTML page, based on unvalidated or improperly validated data submitted by other actors. XSS in HTTP Headers attacks target the HTTP headers which are hidden from most users and may not be validated by web applications.
  • OS Command Injection
    In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
  • XSS in IMG Tags
    Image tags are an often overlooked, but convenient, means for a Cross Site Scripting attack. The attacker can inject script contents into an image (IMG) tag in order to steal information from a victim's browser and execute malicious scripts.
  • XML Parser Attack
    Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0015.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Update to nss-3.16.1 - Resolves: rhbz#1112136 - Update to NSS_3_15_3_RTM - Resolves: rhbz#1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) - Preserve existing permissions when replacing existing pkcs11.txt file, but keep strict default permissions for new files - Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 79538
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79538
    title OracleVM 3.3 : nss-util (OVMSA-2014-0015)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23301.NASL
    description This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes Included are some fixes to the manpages. For best results you should upgrade all packages at once including any devel packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-24
    plugin id 71449
    published 2013-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71449
    title Fedora 19 : nss-3.15.3-1.fc19 / nss-softokn-3.15.3-1.fc19 / nss-util-3.15.3-1.fc19 (2013-23301)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2800.NASL
    description Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 71080
    published 2013-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71080
    title Debian DSA-2800-1 : nss - buffer overflow
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_17011_ESR.NASL
    description The installed version of Firefox ESR is a version prior to 17.0.11, and is, therefore, potentially affected by a code execution vulnerability related to the function 'Null_Cipher' in the file 'ssl/ssl3con.c' and handling handshake packets.
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 70947
    published 2013-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70947
    title Firefox ESR < 17.0.11 Null_Cipher Code Execution
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_17011_ESR.NASL
    description The installed version of Thunderbird ESR is earlier than 17.0.11 and is, therefore, potentially affected by a code execution vulnerability related to the function 'Null_Cipher' in the file 'ssl/ssl3con.c' and handling handshake packets.
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 71044
    published 2013-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71044
    title Mozilla Thunderbird ESR < 17.0.11 Null_Cipher Code Execution
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-878.NASL
    description the following security issues were fixed in mozilla-nss and mozilla nspr : - mozilla-nss : + update to 3.15.3 (bnc#850148) - CERT_VerifyCert returns SECSuccess (saying certificate is good) even for bad certificates, when the CERTVerifyLog log parameter is given (bmo#910438) - NSS advertises TLS 1.2 ciphersuites in a TLS 1.1 ClientHello (bmo#919677) - fix CVE-2013-5605 - mozilla-nspr : + update to version 4.10.2 relevant changes : - bmo#770534: possible pointer overflow in PL_ArenaAllocate() - bmo#888546: ptio.c:PR_ImportUDPSocket doesn't work
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75206
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75206
    title openSUSE Security Update : mozilla-nss and mozilla-nspr (openSUSE-SU-2013:1730-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1841.NASL
    description Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6 and 5.9 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-12-14
    plugin id 78989
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78989
    title RHEL 5 : nss (RHSA-2013:1841)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-23479.NASL
    description This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs that have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes For best results you should upgrade all packages at once including any devel packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-24
    plugin id 71594
    published 2013-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71594
    title Fedora 18 : nss-3.15.3-1.fc18 / nss-softokn-3.15.3-1.fc18 / nss-util-3.15.3-1.fc18 (2013-23479)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0066.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix SSL_DH_MIN_P_BITS in more places. - Keep SSL_DH_MIN_P_BITS at 768 as in the previously released build. - Run SSL tests - Add compatility patches to prevent regressions - Ensure all ssl.sh tests are executed - Rebase to nss 3.21 - Resolves: Bug 1297944 - Rebase RHEL 5.11.z to NSS 3.21 in preparation for Firefox 45 - Actually apply the fix for CVE-2016-1950 from NSS 3.19.2.3 ... - Include the fix for CVE-2016-1950 from NSS 3.19.2.3 - Resolves: Bug 1269354 - CVE-2015-7182 (CVE-2015-7181) - Rebase nss to 3.19.1 - Pick up upstream fix for client auth. regression caused by 3.19.1 - Revert upstream change to minimum key sizes - Remove patches that rendered obsolote by the rebase - Update existing patches on account of the rebase - Pick up upstream patch from nss-3.19.1 - Resolves: Bug 1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64) - Resolves: Bug 1236967 - CVE-2015-2721 NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71) - On RHEL 6.x keep the TLS version defaults unchanged. - Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1) - Copy PayPalICA.cert and PayPalRootCA.cert to nss/tests/libpkix/certs - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Update and reeneable nss-646045.patch on account of the rebase - Enable additional ssl test cycles and document why some aren't enabled - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Fix shell syntax error on nss/tests/all.sh - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Resolves: Bug 1200905 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-5.11] - Resolves: Bug 1158159 - Upgrade to NSS 3.16.2.3 for Firefox 31.3 - Adjust softokn patch to be compatible with legacy softokn API. - Resolves: Bug 1145430 - (CVE-2014-1568) - Add patches published with NSS 3.16.2.1 - Resolves: Bug 1145430 - (CVE-2014-1568) - Backport nss-3.12.6 upstream fix required by Firefox 31 ESR - Resolves: Bug 1110860 - Rebase to nss-3.16.1 for FF31 - Resolves: Bug 1110860 - Rebase nss in RHEL 5.11 to NSS 3.16.1, required for FF 31 - Remove unused and obsolete patches - Related: Bug 1032468 - Improve shell code for error detection on %check section - Resolves: Bug 1035281 - Suboptimal shell code in nss.spec - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042684 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) - Pick up corrections made in the rhel-10.Z branch, remove an unused patch - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Remove unused patch and retag for update to nss-3.15.3 - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Update to nss-3.15.3 - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Remove unused patches - Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Rebase to nss-3.15.1 - Resolves: rhbz#1002642 - Rebase RHEL 5 to NSS 3.15.1 (for FF 24.x) - Resolves: rhbz#1015864 - [Regression] NSS no longer trusts MD5 certificates - Split %check section tests in two: freebl/softoken and rest of nss tests - Adjust various patches and spec file steps on account of the rebase - Add various patches and remove obsoleted ones on account of the rebase - Renumber patches so freeb/softoken ones match the corresponding ones in rhel-6 nss-softokn - Make the freebl sources identical to the corresponding ones for rhel-6.5 - Related: rhbz#987131 - Adjust the patches to complete the syncup with upstrean nss - Use NSS_DISABLE_HW_GCM on the patch as we do on the spec file - Ensure softoken/freebl code is the same on nss side as on the softoken side - Related: rhbz#987131 - Add disable_hw_gcm.patch and in the spec file export NSS_DISABLE_HW_GCM=1 - Disable HW GCM on RHEL-5 as the older kernel lacks support for it - Related: rhbz#987131 - Related: rhbz#987131 - Display cpuifo as part of the tests - Resolves: rhbz#987131 - Pick up various upstream GCM code fixes applied since nss-3.14.3 was released - Roll back to 79c87e69caa7454cbcf5f8161a628c538ff3cab3 - Peviously added patch hasn't solved the sporadic core dumps - Related: rhbz#983766 - nssutil_ReadSecmodDB leaks memory - Resolves: rhbz#983766 - nssutil_ReadSecmodDB leaks memory - Add patch to get rid of sporadic blapitest core dumps - Restore 'export NO_FORK_CHECK=1' required for binary compatibility on RHEL-5 - Remove an unused patch - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 - Resolves: rhbz#807419 - nss-tools certutil -H does not list all options - Apply upstream fixes for ecc enabling and aes gcm - Rename two macros EC_MIN_KEY_BITS and EC_MAX_KEY_BITS per upstream - Apply several upstream AES GCM fixes - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Resolves: rhbz#918948 - [RFE][RHEL5] - Enable ECC support limited to suite b - Export NSS_ENABLE_ECC=1 in the %check section to properly test ecc - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Define -DNO_FORK_CHECK when compiling softoken for ABI compatibility - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Remove obsolete nss-nochktest.patch - Related: rhbz#960241 - Enable ECC in nss and freebl - Enable ECC by using the unstripped sources - Resolves: rhbz#960241 - Enable ECC in nss and freebl - Fix rpmdiff test reported failures and remove other unwanted changes - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 22 2013 Elio Maldonado - 3.14.3-3 - Update to NSS_3_14_3_RTM - Rework the rebase to preserve needed idiosynchracies - Ensure we install frebl/softoken from the extra build tree - Don't include freebl static library or its private headers - Add patch to deal with system sqlite not being recent enough - Don't install nss-sysinit nor sharedb - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Mon Apr 01 2013 Elio Maldonado - 3.14.3-2 - Restore the freebl-softoken source tar ball updated to 3.14.3 - Renumbering of some sources for clarity - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Update to NSS_3_14_3_RTM - Resolves: rhbz#918948 - [RFE][RHEL5] Rebase to nss-3.14.3 to fix the lucky-13 issue - Resolves: rhbz#891150 - Dis-trust TURKTRUST mis-issued *.google.com certificate - Update to NSS_3_13_6_RTM - Resolves: rhbz#883788 - [RFE] [RHEL5] Rebase to NSS >= 3.13.6 - Resolves: rhbz#820684 - Fix last entry in attrFlagsArray to be [NAME_SIZE(unextractable), PK11_ATTR_UNEXTRACTABLE] - Resolves: rhbz#820684 - Enable certutil handle user supplied flags for PKCS #11 attributes. - This will enable certutil to generate keys in fussy hardware tokens. - fix an error in the patch meta-information area (no code change) - Related: rhbz#830304 - Fix ia64 / i386 multilib nss install failure - Remove no longer needed %pre and %preun scriplets meant for nss updates from RHEL-5.0 - Related: rhbz#830304 - Fix the changes to the %post line - Having multiple commands requires that /sbin/lconfig be the beginning of the scriptlet - Resolves: rhbz#830304 - Fix multilib and scriptlet problems - Fix %post and %postun lines per packaging guildelines - Add %[?_isa] to tools Requires: per packaging guidelines - Fix explicit-lib-dependency zlib error reported by rpmlint - Resolves: rhbz#830304 - Remove unwanted change to nss.pc.in - Update to NSS_3_13_5_RTM - Resolves: rhbz#830304 - Update RHEL 5.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6 - Resolves: rhbz#797939 - Protect NSS_Shutdown from clients that fail to initialize nss - Resolves: Bug 788039 - retagging to prevent update problems - Resolves: Bug 788039 - rebase nss to make firefox 10 LTS rebase possible - Update to 4.8.9 - Resolves: Bug 713373 - File descriptor leak after service httpd reload - Don't initialize nss if already initialized or if there are no dbs - Retagging for a Y-stream version higher than the RHEL-5-7-Z branch - Retagging to keep the n-v-r as high as that for the RHEL-5-7-Z branch - Update builtins certs to those from NSSCKBI_1_88_RTM - Plug file descriptor leaks on httpd reloads - Update builtins certs to those from NSSCKBI_1_87_RTM - Update builtins certs to those from NSSCKBI_1_86_RTM - Update builtins certs to NSSCKBI_1_85_RTM - Update to 3.12.10 - Fix libcrmf hard-coded maximum size for wrapped private keys - Update builtin certs to NSS_3.12.9_WITH_CKBI_1_82_RTM via a patch - Update builtin certs to those from NSS_3.12.9_WITH_CKBI_1_82_RTM - Update to 3.12.8
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 91747
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91747
    title OracleVM 3.2 : nss (OVMSA-2016-0066)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_17_0_11_ESR.NASL
    description The installed version of Thunderbird ESR is prior to 17.0.11 and is, therefore, potentially affected by a code execution vulnerability related to the function 'Null_Cipher' in the file 'ssl/ssl3con.c' and handling handshake packets.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 71042
    published 2013-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71042
    title Thunderbird ESR < 17.0.11 Null_Cipher Code Execution (Mac OS X)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_THUNDERBIRD_24_1_1.NASL
    description The installed version of Thunderbird is earlier than 24.1.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 71043
    published 2013-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71043
    title Thunderbird < 24.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-270.NASL
    description Multiple security issues was identified and fixed in mozilla NSPR and NSS : Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure (CVE-2013-1739). Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value (CVE-2013-1741). The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext (CVE-2013-2566). Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets (CVE-2013-5605). The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate (CVE-2013-5606). Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741 (CVE-2013-5607). The NSPR packages has been upgraded to the 4.10.2 version and the NSS packages has been upgraded to the 3.15.3 version which is unaffected by these security flaws. Additionally the rootcerts packages has been upgraded with the latest certdata.txt file as of 2013/11/11 from mozilla.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 70998
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70998
    title Mandriva Linux Security Advisory : nss (MDVSA-2013:270)
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_SERVER_7_0_20.NASL
    description According to its self-reported version, the Oracle iPlanet Web Server (formerly Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.20. It is, therefore, affected by the following vulnerabilities in the Network Security Services (NSS) : - The implementation of NSS does not ensure that data structures are initialized, which can result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - An error exists in the ssl_Do1stHandshake() function in file sslsecur.c due to unencrypted data being returned from PR_Recv when the TLS False Start feature is enabled. A man-in-the-middle attacker can exploit this, by using an arbitrary X.509 certificate, to spoof SSL servers during certain handshake traffic. (CVE-2013-1740) - An integer overflow condition exists related to handling input greater than half the maximum size of the 'PRUint32' value. A remote attacker can exploit this to cause a denial of service or possibly have other impact. (CVE-2013-1741) - An error exists in the Null_Cipher() function in the file ssl3con.c related to handling invalid handshake packets. A remote attacker, using a crafted request, can exploit this to execute arbitrary code. (CVE-2013-5605) - An error exists in the CERT_VerifyCert() function in the file certvfy.c when handling trusted certificates with incompatible key usages. A remote attacker, using a crafted request, can exploit this to have an invalid certificates treated as valid. (CVE-2013-5606) - A race condition exists in libssl that occurs during session ticket processing. A remote attacker can exploit this to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. A man-in-the-middle attacker, using a crafted certificate, can exploit this to spoof an SSL server. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76593
    published 2014-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76593
    title Oracle iPlanet Web Server 7.0.x < 7.0.20 Multiple Vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-266.NASL
    description A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741 , CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606)
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 71578
    published 2013-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71578
    title Amazon Linux AMI : nspr (ALAS-2013-266)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_24_1_1_ESR.NASL
    description The installed version of Firefox ESR 24.x is a version prior to 24.1.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 70945
    published 2013-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70945
    title Firefox ESR 24.x < 24.1.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0041.NASL
    description An updated rhev-hypervisor6 package that fixes multiple security issues is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade Red Hat Enterprise Virtualization Hypervisor 6.4 to version 6.5 through the 3.3 Manager administration portal, configuration of the previous system appears to be lost when reported in the TUI. However, this is an issue in the TUI itself, not in the upgrade process; the configuration of the system is not affected. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) A flaw was found in the way OpenSSL determined which hashing algorithm to use when TLS protocol version 1.2 was enabled. This could possibly cause OpenSSL to use an incorrect hashing algorithm, leading to a crash of an application using the library. (CVE-2013-6449) A NULL pointer dereference flaw was found in the way OpenSSL handled TLS/SSL protocol handshake packets. A specially crafted handshake packet could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-5606. Upstream acknowledges Camilo Viecco as the original reporter of CVE-2013-5606. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-6462 (libXfont issue) CVE-2013-6629, and CVE-2013-6630 (libjpeg-turbo issues) CVE-2013-1739, CVE-2013-1741, and CVE-2013-5607 (nss, nspr issues) CVE-2013-6450 (openssl issue) CVE-2013-6425 (pixman issue) Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 78994
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78994
    title RHEL 6 : rhev-hypervisor6 (RHSA-2014:0041)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1829.NASL
    description Updated nss, nspr, and nss-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607. All NSS, NSPR, and nss-util users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-26
    plugin id 71390
    published 2013-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71390
    title RHEL 6 : nss, nspr, and nss-util (RHSA-2013:1829)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_25_0_1.NASL
    description The installed version of Firefox is a version prior to 25.0.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 70946
    published 2013-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70946
    title Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1791.NASL
    description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607. In addition, the nss package has been upgraded to upstream version 3.15.3, and the nspr package has been upgraded to upstream version 4.10.2. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#1033478, BZ#1020520) This update also fixes the following bug : * The RHBA-2013:1318 update introduced a regression that prevented the use of certificates that have an MD5 signature. This update fixes this regression and certificates that have an MD5 signature are once again supported. To prevent the use of certificates that have an MD5 signature, set the 'NSS_HASH_ALG_SUPPORT' environment variable to '-MD5'. (BZ#1033499) Users of NSS and NSPR are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-26
    plugin id 71243
    published 2013-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71243
    title RHEL 5 : nss and nspr (RHSA-2013:1791)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201504-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201504-01 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround : There are no known workarounds at this time.
    last seen 2019-01-16
    modified 2016-11-11
    plugin id 82632
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82632
    title GLSA-201504-01 : Mozilla Products: Multiple vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1829.NASL
    description From Red Hat Security Advisory 2013:1829 : Updated nss, nspr, and nss-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607. All NSS, NSPR, and nss-util users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 71388
    published 2013-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71388
    title Oracle Linux 6 : nspr / nss / nss-util (ELSA-2013-1829)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1791.NASL
    description Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607. In addition, the nss package has been upgraded to upstream version 3.15.3, and the nspr package has been upgraded to upstream version 4.10.2. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#1033478, BZ#1020520) This update also fixes the following bug : * The RHBA-2013:1318 update introduced a regression that prevented the use of certificates that have an MD5 signature. This update fixes this regression and certificates that have an MD5 signature are once again supported. To prevent the use of certificates that have an MD5 signature, set the 'NSS_HASH_ALG_SUPPORT' environment variable to '-MD5'. (BZ#1033499) Users of NSS and NSPR are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 71237
    published 2013-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71237
    title CentOS 5 : nspr / nss (CESA-2013:1791)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_2501.NASL
    description The installed version of Firefox is a version prior to 25.0.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 70949
    published 2013-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70949
    title Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0023.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Replace expired PayPal test certificate that breaks the build - Resolves: Bug 1145431 - (CVE-2014-1568) - Resolves: Bug 1145431 - (CVE-2014-1568) - Removed listed but unused patches detected by the rpmdiff test - Resolves: Bug 1099619 - Update some patches on account of the rebase - Resolves: Bug 1099619 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 - Remove two unused patches and apply a needed one that was missed - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Update to nss-3.16.1 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Make pem's derEncodingsMatch function work with encrypted keys - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL - Remove unused patches - Resolves: Bug 1048713 - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-6.6] - Enable patch with fix for deadlock in trust domain lock and object lock - Resolves: Bug 1036477 - deadlock in trust domain lock and object lock - Disable hw gcm on rhel-5 based build environments where OS lacks support - Rollback changes to build nss without softokn until Bug 689919 is approved - Cipher suite was run as part of the nss-softokn build - Update to NSS_3_15_3_RTM - Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) - Using export NSS_DISABLE_HW_GCM=1 to deal with some problemmatic build systems - Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so - Add s390x and ia64 to the %define multilib_arches list used for defining alt_ckbi - Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so - Add zero default value to DISABLETEST check and fix the TEST_FAILURES check and reporting - Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS - Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Add a zero default value to the DISABLETEST and TEST_FAILURES checks - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix the test for zero failures in the %check section - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Restore a mistakenly removed patch - Resolves: rhbz#961659 - SQL backend does not reload certificates - Rebuild for the pem module to link with freel from nss-softokn-3.14.3-6.el6 - Related: rhbz#993441 - NSS needs to conform to new FIPS standard. - Related: rhbz#1010224 - NSS 3.15 breaks SSL in OpenLDAP clients - Don't require nss-softokn-fips - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Additional syntax fixes in nss-versus-softoken-test.patch - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix all.sh test for which application was last build by updating nss-versus-softoken-test.path - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Disable the cipher suite already run as part of the nss-softokn build - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Require nss-softokn-fips - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Require nspr-4.10.0 - Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix relative path in %check section to prevent undetected test failures - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Rebase to NSS_3.15.1_RTM - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Update patches on account of the shallow tree with the rebase to 3.15.1 - Update the pem module sources nss-pem-20130405.tar.bz2 with latest patches applied - Remove patches rendered obsolete by the nss rebase and the updated nss-pem sources - Enable the iquote.patch to access newly introduced types - Do not hold issuer certificate handles in the crl cache - Resolves: rhbz#961659 - SQL backend does not reload certificates - Resolves: rhbz#977341 - nss-tools certutil -H does not list all options - Resolves: rhbz#702083 - don't require unique file basenames - Fix race condition in cert code related to smart cards - Resolves: rhbz#903017 - Firefox hang when CAC/PIV smart card certificates are viewed in the certificate manager - Configure libnssckbi.so to use the alternatives system in order to prepare for a drop in replacement. Please ensure that older packages that don't use the alternatives system for libnssckbi.so have a smaller n-v-r. - Syncup with uptream changes for aes gcm and ecc suiteb - Enable ecc support for suite b - Apply several upstream AES GCM fixes - Use the pristine nss upstream sources with ecc included - Export NSS_ENABLE_ECC=1 in both the build and the check sections - Make failed requests for unsupoprted ssl pkcs 11 bypass non fatal - Resolves: rhbz#882408 - NSS_NO_PKCS11_BYPASS must preserve ABI - Related: rhbz#918950 - rebase nss to 3.14.3 nss-softokn - Adjust patch to be compatible with legacy softokn API. - Resolves: Bug 1145431 - (CVE-2014-1568) - Resolves: Bug 1145431 - (CVE-2014-1568) - Skip calls to CHECK_FORK in [C & NSC]_GetFunctionList - Resolves: Bug 1082900 - Admin server segfault when configuration DS configured on SSL port - Add workaround to %check unset DISPLAY section for RHEL-5 based build machines where kernel lacks support for hardware GCM - back out -fips package changes - Enable new packaging but don't apply nss-fips-post.patch - Related: rhbz#1008513 - Unable to login in fips mode - Fix the PR_Access stub to actually access the correct permissions - Resolves: rhbz#1008513 - Unable to login in fips mode - Run the lowhash tests - Require nspr-4.0.0 and nss-util-3.15.1 - create -fips packages - patch submitted by Bob Relyea - fix the script that splits softoken off from nss - patch nss/cmd/lib/basicutil.c to build against nss-util-3.15.1 - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Resolves: rhbz#976572 - Pick up various upstream GCM code fixes applied since nss-3.14.3 was released - Display cpuifo as part of the tests and make NSS_DISABLE_HW_GCM the environment variable to test for - When appling the patches use a backup file suffix that better describes the patch purpose - Enable ECC support for suite b and add upstream fixes for aec gcm - Use the unstripped upstream sources with ecc support - Limit the ECC support to suite b - Apply several upstream aes gcm fixes - Rename macros EC_MIN_KEY_BITS and EC_MAX_KEY_BITS per upstream - Resolves: rhbz#960208 - Enable ECC in nss-softoken - Related: rhbz#919172 nss-util - Resolves: bug 1145431 - (CVE-2014-1568) - Update to nss-3.16.1 - Resolves: rhbz#1112136 - Update to NSS_3_15_3_RTM - Resolves: rhbz#1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) - Preserve existing permissions when replacing existing pkcs11.txt file, but keep strict default permissions for new files - Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 79540
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79540
    title OracleVM 3.3 : nss (OVMSA-2014-0023)
  • NASL family Misc.
    NASL id ORACLE_TRAFFIC_DIRECTOR_JULY_2014_CPU.NASL
    description The remote host is running an unpatched version of Oracle Traffic Director that is affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - NSS contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in- the-middle attacks. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76938
    published 2014-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76938
    title Oracle Traffic Director Multiple Vulnerabilities (July 2014 CPU)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0065.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Rebase to NSPR 4.11 - Resolves: Bug 1297943 - Rebase RHEL 5.11.z to NSPR 4.11 in preparation for Firefox 45 - Resolves: Bug 1269359 - (CVE-2015-7183) - nspr: heap-buffer overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption [rhel-5.11.z] - Rebase to nspr-4.10.8 - Resolves: Bug 1200921 - Rebase nspr to 4.10.8 for Firefox 38 ESR - Rebase to nspr-4.10.6 - Resolves: Bug 1110857 - Rebase nspr in RHEL 5.11 to NSPR 4.10.6 for FF31 - Retagging - Resolves: rhbz#1032468 - Remove an unused patch - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Update to nspr-4.10.2 - Resolves: rhbz#1032468 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) nss: various flaws [rhel-5.11] - Retagging to fix an inconsitency in the release tags - Resolves: rhbz#1002641 - Rebase RHEL 5 to NSPR 4.10 (for FF 24.x) - Rebase to nspr-4.10.0 - Resolves: rhbz#1002641 - Rebase RHEL 5 to NSPR 4.10 (for FF 24.x) - Resolves: rhbz#737704 - Fix spec file test script typo and enable running the test suites - Resolves: rhbz#919183 - Rebase to nspr-4.9.5 - Resolves: rhbz#883777- [RFE] Rebase nspr to 4.9.2 due to Firefox 17 ESR - Resolves: rhbz#633519 - pthread_key_t leak and memory corruption - Resolves: rhbz#831654 - Fix %post and %postun - Updated License: to MPLv2.0 per upstream - Resolves: rhbz#831654 - Pick up fixes from the rhel-5.8 branch - Regenerated nspr-config-pc.patch passes the the rpmdiff tests - Resolves: rhbz#831654 - restore top section of nspr-config-pc.patch - Needed to prevent multilib regressions - Resolves: rhbz#831654 - revert unwanted changes to nspr.pc - Change@/nspr4 to@ in the patch - Update to NSPR_4_9_1_RTM - Resolves: rhbz#831654 - rebuilt - Resolves: Bug 772945 - [RFE] Async update nspr to make firefox 10 LTS rebase possible - Update to 4.8.9 - Bumping the relase tag so it's higher than the one in 5.7-z - Update to 4.8.8
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 91746
    published 2016-06-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91746
    title OracleVM 3.2 : nspr (OVMSA-2016-0065)
  • NASL family Web Servers
    NASL id GLASSFISH_CPU_JUL_2014.NASL
    description The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - Network Security Services (NSS) contains an integer overflow flaw that allows remote attackers to cause a denial of service. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Oracle Mojarra contains a cross-site scripting vulnerability due to improperly sanitized user-supplied input. This allows an attacker to execute arbitrary script code within the context of the affected site. (CVE-2013-5855) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue allows man-in- the-middle attacks. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76591
    published 2014-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76591
    title Oracle GlassFish Server Multiple Vulnerabilities (July 2014 CPU)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131212_NSS__NSPR__AND_NSS_UTIL_ON_SL6_X.NASL
    description A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via SLSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-12-31
    plugin id 71424
    published 2013-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71424
    title Scientific Linux Security Update : nss, nspr, and nss-util on SL6.x i386/x86_64
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_24_1_1_ESR.NASL
    description The installed version of Firefox ESR 24.x is a version prior to 24.1.1, and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 70948
    published 2013-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70948
    title Firefox ESR 24.x < 24.1.1 NSS and NSPR Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1791.NASL
    description From Red Hat Security Advisory 2013:1791 : Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607. In addition, the nss package has been upgraded to upstream version 3.15.3, and the nspr package has been upgraded to upstream version 4.10.2. These updates provide a number of bug fixes and enhancements over the previous versions. (BZ#1033478, BZ#1020520) This update also fixes the following bug : * The RHBA-2013:1318 update introduced a regression that prevented the use of certificates that have an MD5 signature. This update fixes this regression and certificates that have an MD5 signature are once again supported. To prevent the use of certificates that have an MD5 signature, set the 'NSS_HASH_ALG_SUPPORT' environment variable to '-MD5'. (BZ#1033499) Users of NSS and NSPR are advised to upgrade to these updated packages, which fix these issues and add these enhancements. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 71241
    published 2013-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71241
    title Oracle Linux 5 : nspr / nss (ELSA-2013-1791)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2030-1.NASL
    description Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 70962
    published 2013-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70962
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : nss vulnerabilities (USN-2030-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_17_0_11_ESR.NASL
    description The installed version of Firefox ESR is a version prior to 17.0.11 and is, therefore, potentially affected by a code execution vulnerability related to the function 'Null_Cipher' in the file 'ssl/ssl3con.c' and handling handshake packets.
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 70944
    published 2013-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70944
    title Firefox ESR < 17.0.11 Null_Cipher Code Execution (Mac OS X)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1840.NASL
    description Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 78988
    published 2014-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78988
    title RHEL 6 : nss (RHSA-2013:1840)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0014.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Update some patches on account of the rebase - Resolves: Bug 1099619 - Backport nss-3.12.6 upstream fix required by Firefox 31 - Resolves: Bug 1099619 - Remove two unused patches and apply a needed one that was missed - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Update to nss-3.16.1 - Resolves: Bug 1112136 - Rebase nss in RHEL 6.5.Z to NSS 3.16.1 - Make pem's derEncodingsMatch function work with encrypted keys - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL - Remove unused patches - Resolves: Bug 1048713 - Resolves: Bug 1048713 - [PEM] active FTPS with encrypted client key ends up with SSL_ERROR_TOKEN_INSERTION_REMOVAL - Revoke trust in one mis-issued anssi certificate - Resolves: Bug 1042685 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117) [rhel-6.6] - Enable patch with fix for deadlock in trust domain lock and object lock - Resolves: Bug 1036477 - deadlock in trust domain lock and object lock - Disable hw gcm on rhel-5 based build environments where OS lacks support - Rollback changes to build nss without softokn until Bug 689919 is approved - Cipher suite was run as part of the nss-softokn build - Update to NSS_3_15_3_RTM - Resolves: Bug 1032470 - CVE-2013-5605 CVE-2013-5606 (CVE-2013-1741) - Using export NSS_DISABLE_HW_GCM=1 to deal with some problemmatic build systems - Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so - Add s390x and ia64 to the %define multilib_arches list used for defining alt_ckbi - Resolves: rhbz#1016044 - nss.s390: primary link for libnssckbi.so must be /usr/lib64/libnssckbi.so - Add zero default value to DISABLETEST check and fix the TEST_FAILURES check and reporting - Resolves: rhbz#990631 - file permissions of pkcs11.txt/secmod.db must be kept when modified by NSS - Related: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Add a zero default value to the DISABLETEST and TEST_FAILURES checks - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix the test for zero failures in the %check section - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Restore a mistakenly removed patch - Resolves: rhbz#961659 - SQL backend does not reload certificates - Rebuild for the pem module to link with freel from nss-softokn-3.14.3-6.el6 - Related: rhbz#993441 - NSS needs to conform to new FIPS standard. - Related: rhbz#1010224 - NSS 3.15 breaks SSL in OpenLDAP clients - Don't require nss-softokn-fips - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Additional syntax fixes in nss-versus-softoken-test.patch - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Fix all.sh test for which application was last build by updating nss-versus-softoken-test.path - Resolves: rhbz#1002645 - Rebase RHEL 6 to NSS 3.15.1 (for FF 24.x) - Disable the cipher suite already run as part of the nss-softokn build - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard. - Require nss-softokn-fips - Resolves: rhbz#993441 - NSS needs to conform to new FIPS standard.
    last seen 2019-01-16
    modified 2018-07-24
    plugin id 79537
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79537
    title OracleVM 3.3 : nss (OVMSA-2014-0014)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201406-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-201406-19 (Mozilla Network Security Service: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Mozilla Network Security Service. Please review the CVE identifiers referenced below for more details about the vulnerabilities. Impact : A remote attacker can cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-13
    plugin id 76178
    published 2014-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76178
    title GLSA-201406-19 : Mozilla Network Security Service: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-265.NASL
    description A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741 , CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606)
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 71577
    published 2013-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71577
    title Amazon Linux AMI : nss (ALAS-2013-265)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131205_NSS_AND_NSPR_ON_SL5_X.NASL
    description A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via SLSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) In addition, the nss package has been upgraded to upstream version 3.15.3, and the nspr package has been upgraded to upstream version 4.10.2. These updates provide a number of bug fixes and enhancements over the previous versions. This update also fixes the following bug : - The SLBA-2013:1318 update introduced a regression that prevented the use of certificates that have an MD5 signature. This update fixes this regression and certificates that have an MD5 signature are once again supported. To prevent the use of certificates that have an MD5 signature, set the 'NSS_HASH_ALG_SUPPORT' environment variable to '-MD5'. After installing this update, applications using NSS or NSPR must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-12-31
    plugin id 71306
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71306
    title Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-22756.NASL
    description This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3. For further details please refer to the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes Included are some fixes to the manpages. For best results you should upgrade all packages at once including any devel packages. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-24
    plugin id 71423
    published 2013-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71423
    title Fedora 20 : nspr-4.10.2-1.fc20 / nss-3.15.3-2.fc20 / nss-softokn-3.15.3-1.fc20 / etc (2013-22756)
  • NASL family Windows
    NASL id SEAMONKEY_2221.NASL
    description The installed version of SeaMonkey is a version prior to 2.22.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 70950
    published 2013-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70950
    title SeaMonkey < 2.22.1 NSS and NSPR Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_NSS-201311-131121.NASL
    description Mozilla NSPR and NSS were updated to fix various security bugs that could be used to crash the browser or potentially execute code. Mozilla NSPR 4.10.2 has the following bug fixes : - Bug 770534: Possible pointer overflow in PL_ArenaAllocate(). Fixed by Pascal Cuoq and Kamil Dudka. - Bug 888546: ptio.c:PR_ImportUDPSocket doesn't work. Fixed by Miloslav Trmac. - Bug 915522: VS2013 support for NSPR. Fixed by Makoto Kato. - Bug 927687: Avoid unsigned integer wrapping in PL_ArenaAllocate. (CVE-2013-5607) Mozilla NSS 3.15.3 is a patch release for NSS 3.15 and includes the following bug fixes : - Bug 925100: Ensure a size is <= half of the maximum PRUint32 value. (CVE-2013-1741) - Bug 934016: Handle invalid handshake packets. (CVE-2013-5605) - Bug 910438: Return the correct result in CERT_VerifyCert on failure, if a verifyLog isn't used. (CVE-2013-5606)
    last seen 2019-01-16
    modified 2013-12-03
    plugin id 71172
    published 2013-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71172
    title SuSE 11.2 / 11.3 Security Update : mozilla-nspr, mozilla-nss (SAT Patch Numbers 8572 / 8573)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_24_1_1.NASL
    description The installed version of Thunderbird is earlier than 24.1.1 and is, therefore, potentially affected the following vulnerabilities: - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 71045
    published 2013-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71045
    title Mozilla Thunderbird < 24.1.1 NSS and NSPR Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2032-1.NASL
    description Multiple security issues were discovered in Thunderbird. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. (CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 71036
    published 2013-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71036
    title Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : thunderbird vulnerabilities (USN-2032-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1829.NASL
    description Updated nss, nspr, and nss-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135 introduced a regression causing NSS to read uninitialized data when a decryption failure occurred. A remote attacker could use this flaw to cause a TLS/SSL server using NSS to crash. (CVE-2013-1739) An integer overflow flaw was discovered in both NSS and NSPR's implementation of certification parsing on 64-bit systems. A remote attacker could use these flaws to cause an application using NSS or NSPR to crash. (CVE-2013-1741, CVE-2013-5607) It was discovered that NSS did not reject certificates with incompatible key usage constraints when validating them while the verifyLog feature was enabled. An application using the NSS certificate validation API could accept an invalid certificate. (CVE-2013-5606) Red Hat would like to thank the Mozilla project for reporting CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of CVE-2013-5607. All NSS, NSPR, and nss-util users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, applications using NSS, NSPR, or nss-util must be restarted for this update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 71380
    published 2013-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71380
    title CentOS 6 : nspr / nss / nss-util (CESA-2013:1829)
  • NASL family CGI abuses
    NASL id ORACLE_OPENSSO_AGENT_CPU_OCT_2014.NASL
    description The Oracle OpenSSO agent installed on the remote host is missing a vendor-supplied update. It is, therefore, affected by multiple vulnerabilities in the bundled Mozilla Network Security Services, the most serious of which can allow remote code execution.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 78774
    published 2014-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78774
    title Oracle OpenSSO Agent Multiple Vulnerabilities (October 2014 CPU)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2031-1.NASL
    description Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. (CVE-2013-1741, CVE-2013-2566, CVE-2013-5605, CVE-2013-5607). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 71021
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71021
    title Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2031-1)
  • NASL family Windows
    NASL id IPLANET_WEB_PROXY_4_0_24.NASL
    description The remote host has a version of Oracle iPlanet Web Proxy Server (formerly Sun Java System Web Proxy Server) 4.0 prior to 4.0.24. It is, therefore, affected by the following vulnerabilities : - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (CVE-2013-1739) - The implementation of Network Security Services (NSS) does not properly handle the TLS False Start feature and could allow man-in-the-middle attacks. (CVE-2013-1740) - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. (CVE-2013-1741) - An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605) - An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid. (CVE-2013-5606) - Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490) - Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491) - An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in- the-middle attacks. (CVE-2014-1492)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 76592
    published 2014-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76592
    title Oracle iPlanet Web Proxy Server 4.0 < 4.0.24 Multiple Vulnerabilities
redhat via4
advisories
  • rhsa
    id RHSA-2013:1791
  • rhsa
    id RHSA-2013:1829
  • rhsa
    id RHSA-2013:1840
  • rhsa
    id RHSA-2013:1841
  • rhsa
    id RHSA-2014:0041
rpms
  • nspr-0:4.10.2-2.el5_10
  • nspr-devel-0:4.10.2-2.el5_10
  • nss-0:3.15.3-3.el5_10
  • nss-devel-0:3.15.3-3.el5_10
  • nss-pkcs11-devel-0:3.15.3-3.el5_10
  • nss-tools-0:3.15.3-3.el5_10
  • nspr-0:4.10.2-1.el6_5
  • nspr-devel-0:4.10.2-1.el6_5
  • nss-util-0:3.15.3-1.el6_5
  • nss-util-devel-0:3.15.3-1.el6_5
  • nss-0:3.15.3-2.el6_5
  • nss-devel-0:3.15.3-2.el6_5
  • nss-pkcs11-devel-0:3.15.3-2.el6_5
  • nss-sysinit-0:3.15.3-2.el6_5
  • nss-tools-0:3.15.3-2.el6_5
refmap via4
bid 63738
bugtraq 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm
debian DSA-2800
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
gentoo
  • GLSA-201406-19
  • GLSA-201504-01
suse
  • SUSE-SU-2013:1807
  • openSUSE-SU-2013:1730
  • openSUSE-SU-2013:1732
ubuntu
  • USN-2030-1
  • USN-2031-1
  • USN-2032-1
Last major update 30-12-2016 - 21:59
Published 18-11-2013 - 00:23
Last modified 09-10-2018 - 15:34
Back to Top