Antoine Delignat-Lavaud, security researcher at Inria Paris in team
Prosecco, reported an issue in Network Security Services (NSS) libraries
affecting all versions. He discovered that NSS is vulnerable to a
variant of a signature forgery attack previously published by Daniel
Bleichenbacher. This is due to lenient parsing of ASN.1 values involved
in a signature and could lead to the forging of RSA certificates.

The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.

OSVersionArchitecturePackageVersionFilename
anyanyanynss< 3.17.1-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	nss	< 3.17.1-1	UNKNOWN

References

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568

www.mozilla.org/security/announce/2014/mfsa2014-73.html

nessus 49

suse 6

prion 3

osv 3

mozilla 1

cert 1

debian 4

openvas 49

centos 1

fedora 9

veracode 1

redhat 3

mageia 1

amazon 3

ubuntu 3

cve 3

checkpoint_advisories 1

freebsd 2

debiancve 3

ubuntucve 2

oraclelinux 2

chrome 1

redhatcve 1

alpinelinux 1

ibm 4

securityvulns 3

oracle 3

gentoo 1

nessus

Oracle Linux 5 / 6 / 7 : nss (ELSA-2014-1307)

2014-09-29 00:00:00

Mandriva Linux Security Advisory : nss (MDVSA-2014:189)

2014-09-26 00:00:00

Debian DSA-3034-1 : iceweasel - security update

2014-09-26 00:00:00

suse

NSS update to avoid signature forgery (critical)

2014-09-28 12:04:18

Security update for mozilla-nss (important)

2014-10-01 17:04:53

Security update for mozilla-nss (important)

2014-09-27 00:04:18

prion

Design/Logic Flaw

2014-09-25 17:55:00

Design/Logic Flaw

2018-09-26 21:29:00

Code injection

2018-11-07 20:29:00

osv

nss - security update

2014-09-25 00:00:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:01

mozilla

RSA Signature Forgery in NSS — Mozilla

2014-09-24 00:00:00

cert

Mozilla Network Security Services (NSS) fails to properly verify RSA signatures

2014-09-24 00:00:00

debian

[SECURITY] [DSA 3033-1] nss security update

2014-09-25 00:23:40

[SECURITY] [DSA 3037-1] icedove security update

2014-09-26 19:31:43

[SECURITY] [DSA 3034-1] iceweasel security update

2014-09-25 06:25:14

openvas

Mozilla Firefox ESR RSA Spoof Vulnerability (Sep 2014) - Windows

2014-09-29 00:00:00

CentOS Update for nss CESA-2014:1307 centos7

2014-10-01 00:00:00

Seamonkey RSA Spoof Vulnerability (Sep 2014) - Mac OS X

2014-09-30 00:00:00

centos

nss security update

2014-09-26 11:29:24

fedora

[SECURITY] Fedora 21 Update: nss-3.17.1-1.fc21

2014-09-29 04:00:07

[SECURITY] Fedora 21 Update: nss-softokn-3.17.1-2.fc21

2014-09-29 04:00:06

[SECURITY] Fedora 21 Update: nss-util-3.17.1-1.fc21

2014-09-29 04:00:07

veracode

Spoofable RSA Signatures

2019-01-15 09:01:59

redhat

(RHSA-2014:1307) Important: nss security update

2014-09-26 00:00:00

(RHSA-2014:1371) Important: nss security update

2014-10-10 00:00:00

(RHSA-2014:1354) Critical: rhev-hypervisor6 security update

2014-10-02 00:00:00

mageia

Updated nss packages fix CVE-2014-1568

2014-09-26 19:55:04

amazon

Important: nss

2014-10-01 16:32:00

Important: nss-softokn

2014-10-01 16:32:00

Important: nss-util

2014-10-01 16:32:00

ubuntu

Thunderbird vulnerabilities

2014-09-24 00:00:00

Firefox vulnerabilities

2014-09-24 00:00:00

NSS vulnerability

2014-09-24 00:00:00

cve

CVE-2014-1568

2014-09-25 17:55:00

CVE-2018-16152

2018-09-26 21:29:00

CVE-2018-16253

2018-11-07 20:29:00

checkpoint_advisories

Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)

2014-10-19 00:00:00

freebsd

NSS -- RSA Signature Forgery

2014-09-23 00:00:00

chromium -- RSA signature malleability in NSS

2014-09-24 00:00:00

debiancve

CVE-2014-1568

2014-09-25 17:55:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:00

ubuntucve

CVE-2014-1568

2014-09-24 00:00:00

CVE-2018-16152

2018-09-24 00:00:00

oraclelinux

nss security update

2014-09-26 00:00:00

nss, nss-util, and nss-softokn security, bug fix, and enhancement update

2014-12-02 00:00:00

chrome

Stable Channel Update

2014-09-24 00:00:00

redhatcve

CVE-2018-16152

2018-10-03 20:20:39

alpinelinux

CVE-2018-16152

2018-09-26 21:29:00

ibm

Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568).

2018-06-15 23:13:34

Security Bulletin: A security vulnerability has been identified in multiple products that ship with IBM Predictive Customer Intelligence (CVE-2014-3566)

2020-02-11 21:31:00

Security Bulletin: Tivoli Common Reporting iFixes for multiple Security Vulnerabilities (CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-011

2018-06-17 14:55:57

securityvulns

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-04-17 00:00:00

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-01-25 00:00:00

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-07-20 00:00:00

oracle

Oracle Critical Patch Update - April 2015

2015-04-14 00:00:00

Oracle Critical Patch Update Advisory - January 2015

2015-03-10 00:00:00

Oracle Critical Patch Update Advisory - July 2015

2015-07-14 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2015-04-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

92.7%

JSON

Related for ASA-201409-1