ID CVE-2016-3099
Summary mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
References
Vulnerable Configurations
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-327
CAPEC
  • Encryption Brute Forcing
    An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
  • Creating a Rogue Certificate Authority Certificate
    An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec) .
  • Signature Spoof
    An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
  • Cryptanalysis
    Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as: 1. Total Break - Finding the secret key 2. Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key. 3. Information Deduction - Gaining some information about plaintexts or ciphertexts that was not previously known 4. Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-8B28358B72.NASL
    description Security fix for CVE-2016-3099 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 90734
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90734
    title Fedora 23 : mod_nss-1.0.12-3.fc23 (2016-8b28358b72)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-1EAAF1ED0F.NASL
    description Security fix for CVE-2016-3099 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 90951
    published 2016-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90951
    title Fedora 24 : mod_nss-1.0.12-4.fc24 (2016-1eaaf1ed0f)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2602.NASL
    description From Red Hat Security Advisory 2016:2602 : An update for mod_nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library. The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). (BZ#1299063) Security Fix(es) : * A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) This issue was discovered by Rob Crittenden (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-25
    plugin id 94721
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94721
    title Oracle Linux 7 : mod_nss (ELSA-2016-2602)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_MOD_NSS_ON_SL7_X.NASL
    description The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). Security Fix(es) : - A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) This issue was discovered by Rob Crittenden (Red Hat). Additional Changes :
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95848
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95848
    title Scientific Linux Security Update : mod_nss on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2396-1.NASL
    description This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements : - Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099) - Created valgrind suppression files to ease debugging. - Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. - Improvements to migrate.pl. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI). - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Fix logical AND support in OpenSSL cipher compatibility. - Correctly handle disabled ciphers. (CVE-2015-5244) - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in NSS. - Add compatibility for mod_ssl-style cipher definitions. - Add TLSv1.2-specific ciphers. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Fix CVE-2013-4566. - Move nss_pcache to /usr/libexec. - Support httpd 2.4+. - SHA256 cipher names change spelling from *_sha256 to *_sha_256. - Use apache2-systemd-ask-pass to prompt for a certificate passphrase. (bsc#972968, bsc#975394) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93767
    published 2016-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93767
    title SUSE SLES12 Security Update : apache2-mod_nss (SUSE-SU-2016:2396-1) (POODLE)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-85E9F2E3CD.NASL
    description Security fix for CVE-2016-3099 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 90733
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90733
    title Fedora 22 : mod_nss-1.0.11-7.fc22 (2016-85e9f2e3cd)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2602.NASL
    description An update for mod_nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library. The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). (BZ#1299063) Security Fix(es) : * A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) This issue was discovered by Rob Crittenden (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95348
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95348
    title CentOS 7 : mod_nss (CESA-2016:2602)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-714.NASL
    description It was reported that +CIPHER operator in OpenSSL changes the order of a cipher. Instead of returning an error (as NSS does not support cipher ordering), it returned the result of processing up to that point, which could result in requested ciphers not being enabled.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 91628
    published 2016-06-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91628
    title Amazon Linux AMI : mod24_nss (ALAS-2016-714)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2602.NASL
    description An update for mod_nss is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library. The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). (BZ#1299063) Security Fix(es) : * A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) This issue was discovered by Rob Crittenden (Red Hat). Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94565
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94565
    title RHEL 7 : mod_nss (RHSA-2016:2602)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2285-1.NASL
    description This update provides apache2-mod_nss 1.0.14, which brings several fixes and enhancements : - Fix OpenSSL ciphers stopped parsing at +. (CVE-2016-3099) - Created valgrind suppression files to ease debugging. - Implement SSL_PPTYPE_FILTER to call executables to get the key password pins. - Improvements to migrate.pl. - Update default ciphers to something more modern and secure. - Check for host and netstat commands in gencert before trying to use them. - Add server support for DHE ciphers. - Extract SAN from server/client certificates into env - Fix memory leaks and other coding issues caught by clang analyzer. - Add support for Server Name Indication (SNI). - Add support for SNI for reverse proxy connections. - Add RenegBufferSize? option. - Add support for TLS Session Tickets (RFC 5077). - Fix logical AND support in OpenSSL cipher compatibility. - Correctly handle disabled ciphers. (CVE-2015-5244) - Implement a slew more OpenSSL cipher macros. - Fix a number of illegal memory accesses and memory leaks. - Support for SHA384 ciphers if they are available in NSS. - Add compatibility for mod_ssl-style cipher definitions. - Add TLSv1.2-specific ciphers. - Completely remove support for SSLv2. - Add support for sqlite NSS databases. - Compare subject CN and VS hostname during server start up. - Add support for enabling TLS v1.2. - Don't enable SSL 3 by default. (CVE-2014-3566) - Fix CVE-2013-4566. - Move nss_pcache to /usr/libexec. - Support httpd 2.4+. - Use apache2-systemd-ask-pass to prompt for a certificate passphrase. (bsc#972968, bsc#975394) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93457
    published 2016-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93457
    title SUSE SLES12 Security Update : apache2-mod_nss (SUSE-SU-2016:2285-1) (POODLE)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1070.NASL
    description According to the version of the mod_nss package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99832
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99832
    title EulerOS 2.0 SP1 : mod_nss (EulerOS-SA-2016-1070)
redhat via4
advisories
bugzilla
id 1364560
title mod_nss leaks semaphores
oval
AND
  • comment mod_nss is earlier than 0:1.0.14-7.el7
    oval oval:com.redhat.rhsa:tst:20162602005
  • comment mod_nss is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhba:tst:20111656006
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
rhsa
id RHSA-2016:2602
released 2016-11-03
severity Low
title RHSA-2016:2602: mod_nss security, bug fix, and enhancement update (Low)
rpms mod_nss-0:1.0.14-7.el7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1319052
fedora
  • FEDORA-2016-1eaaf1ed0f
  • FEDORA-2016-85e9f2e3cd
  • FEDORA-2016-8b28358b72
Last major update 08-06-2017 - 15:29
Published 08-06-2017 - 15:29
Last modified 16-06-2017 - 10:23
Back to Top