ID: CVE-2015-0800
Type: cve
Reporter: cve@mitre.org
Modified: 2016-10-04T02:02:00
Description
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
{"id": "CVE-2015-0800", "bulletinFamily": "NVD", "title": "CVE-2015-0800", "description": "The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.", "published": "2015-04-01T10:59:00", "modified": "2016-10-04T02:02:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0800", "reporter": "cve@mitre.org", "references": ["http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "http://www.mozilla.org/security/announce/2015/mfsa2015-41.html", "https://bugzilla.mozilla.org/show_bug.cgi?id=1110212", "http://www.securitytracker.com/id/1031996"], "cvelist": ["CVE-2015-0800"], "type": "cve", "lastseen": "2021-02-02T06:21:20", "edition": 6, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "mozilla", "idList": ["MFSA2015-41"]}, {"type": "symantec", "idList": ["SMNTC-1351"]}, {"type": "freebsd", "idList": ["D0C97697-DF2C-4B8B-BFF2-CEC24DC35AF8"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_D0C97697DF2C4B8BBFF2CEC24DC35AF8.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14355"]}], "modified": "2021-02-02T06:21:20", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2021-02-02T06:21:20", "rev": 2}, "vulnersScore": 4.8}, "cpe": ["cpe:/a:mozilla:firefox:36.0.4"], "affectedSoftware": [{"cpeName": "mozilla:firefox", "name": "mozilla firefox", "operator": "le", "version": "36.0.4"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, 
"exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:mozilla:firefox:36.0.4:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "scheme": null, "affectedConfiguration": [{"cpeName": "google:android", "name": "google android", "operator": "eq", "version": "*"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:36.0.4:*:*:*:*:*:*:*", "versionEndIncluding": "36.0.4", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "extraReferences": [{"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"}, {"name": "1031996", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1031996"}, {"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-41.html", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-41.html"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1110212", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1110212"}], "immutableFields": []}
{"mozilla": [{"lastseen": "2016-09-05T13:37:51", "bulletinFamily": "software", "cvelist": ["CVE-2015-0800"], "description": "Mozilla developer Daniel Stenberg reported that the DNS\nresolver in Firefox for Android uses an insufficiently random algorithm when\ngenerating random numbers for the unique identifier. This was derived from an\nold version of the Bionic libc library and suffered from\ninsufficient randomness in the pseudo-random number generator (PRNG) as described by Roee\nHay and Roi Saltzman.\n\nThis leaves Firefox on Android potentially vulnerable to DNS poisoning\nattacks because an attacker may be able to predict the identifier used, allowing\nfor the spoofing of web sites and cookie theft.\n\nThis flaw did not affect desktop versions of Mozilla products\nand only Firefox for Android was affected.", "edition": 1, "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "MFSA2015-41", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-41/", "type": "mozilla", "title": "PRNG weakness allows for DNS poisoning on Android", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "symantec": [{"lastseen": "2021-03-14T10:45:15", "bulletinFamily": "software", "cvelist": ["CVE-2015-0705", "CVE-2015-0798", "CVE-2015-0800", "CVE-2016-0702", "CVE-2016-0703", "CVE-2016-0704", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-0798", "CVE-2016-0799", "CVE-2016-0800", "CVE-2016-2842"], "description": "### SUMMARY\n\nBlue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to decrypt live and recorded SSL sessions, cause denial of service through application crashes, and possibly execute arbitrary code. A local, authenticated attacker can also recover RSA private keys. 
\n \n\n\n### AFFECTED PRODUCTS\n\nThe following products are vulnerable:\n\n**Advanced Secure Gateway** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 6.7 and later | Not vulnerable, fixed in 6.7.2.1 \n6.6 | Upgrade to 6.6.5.4. \nCVE-2016-0705, CVE-2016-0798 | 6.7 | Not vulnerable, fixed in 6.7.2.1 \n6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.13. \nCVE-2015-0800 | 6.6 and later (only when SSLv2 enabled for management console, forward proxy, or reverse proxy) | See Mitigation section for instructions to disable SSLv2. \n \n \n\n**Android Mobile Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 1.3 | Upgrade to 1.3.8. \n \n \n\n**BCAAA** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0705, \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 6.1 (only when a Novell SSO realm is used) | An updated Novell SSO SDK is no longer available. Please, contact Novell for more information. \n \n \n\n**CacheFlow** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 3.4 | Upgrade to 3.4.2.7. \nCVE-2016-0705, CVE-2016-0798 | 3.4 (not vulnerable to known vectors of attack) | Upgrade to 3.4.2.8. \nCVE-2015-0800 | 3.4 | See Mitigation section for instructions to disable SSLv2. \n \n \n\n**Client Connector** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0797, \nCVE-2016-0799, CVE-2016-2842 | 1.6 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**Content Analysis System** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0705, CVE-2016-0797, \nCVE-2016-0799, CVE-2016-2842 | 2.1 and later | Not vulnerable, fixed in 2.1.1.1 \n1.3 | Upgrade to 1.3.7.1. \n1.2 | Upgrade to later release with fixes. 
\nCVE-2015-0800 | 1.2 and later (secure ICAP server) | See Mitigation section for instructions to disable SSLv2. \n1.3 (management console) | Not vulnerable, fixed in 1.3.1.1 \n1.2 (management console) | Upgrade to 1.2.4.5. \n \n \n\n**Director** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0797, \nCVE-2016-0799, CVE-2016-0800, \nCVE-2016-2842 | 6.1 | Upgrade to 6.1.22.1. \n \n \n\n**IntelligenceCenter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0705, \nCVE-2016-0797, CVE-2016-0798, \nCVE-2016-0799, CVE-2016-0800, \nCVE-2016-2842 | 3.3 | Upgrade to a version of NetDialog NetX with fixes. \n \n \n\n**Mail Threat Defense** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0705, CVE-2016-0797 | 1.1 | Upgrade to 1.1.2.1. \nCVE-2016-0702, CVE-2016-0800 | 1.1 (not vulnerable to known vectors of attack) | Upgrade to 1.1.2.1. \nCVE-2016-0799, CVE-2016-2842 | 1.1 | Not available at this time \n \n \n\n**Malware Analysis Appliance** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0797, \nCVE-2016-0799, CVE-2016-2842 | 4.2 | Upgrade to 4.2.9. \n \n \n\n**Management Center** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0799, CVE-2016-2842 | 1.6 and later | Not vulnerable, fixed in 1.6.1.1 \n1.5 | Upgrade to later release with fixes. \n \n \n\n**Norman Shark Industrial Control System Protection** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 5.4 and later | Not vulnerable, fixed in 5.4.1 \n5.3 | Upgrade to 5.3.6. \n \n \n\n**Norman Shark Network Protection** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 5.3 | Upgrade to 5.3.6. 
\n \n \n\n**Norman Shark SCADA Protection** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 5.3 | Upgrade to 5.3.6. \n \n \n\n**PacketShaper** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 9.2 | Upgrade to 9.2.13p2. \n \n \n\n**PacketShaper S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 11.6 and later | Not vulnerable, fixed in 11.6.1.1 \nCVE-2016-0702, CVE-2016-0705, \nCVE-2016-0797, CVE-2016-0800 | 11.5 | Upgrade to 11.5.3.1. \nCVE-2016-0799, CVE-2016-2842 | 11.5 | Upgrade to 11.5.3.2. \nAll CVEs | 11.2, 11.3, 11.4 | Upgrade to later release with fixes. \n \n \n\n**PolicyCenter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 9.2 | Upgrade to 9.2.13p2. \n \n \n\n**PolicyCenter S-Series** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0705, \nCVE-2016-0797, CVE-2016-0800 | 1.1 | Upgrade to 1.1.2.1. \nCVE-2016-0799, CVE-2016-2842 | 1.1 | Upgrade to 1.1.2.2. \n \n \n\n**ProxyAV** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0703, CVE-2016-0704, \nCVE-2016-0705, CVE-2016-0797, \nCVE-2016-0799, CVE-2016-2842 | 3.5 | Upgrade to 3.5.4.2. \nCVE-2016-0800 | 3.5 | See Mitigation section for instructions to disable SSLv2. \n \n \n\n**ProxyClient** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0797, \nCVE-2016-0799, CVE-2016-2842 | 3.4 | Upgrade to latest release of Unified Agent with fixes. \n \n \n\n**ProxySG** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs except CVE-2016-0800 | 6.7 and later | Not vulnerable, fixed in 6.7.1.1 \nCVE-2016-0800 | 6.5 and later (only when SSLv2 enabled for management console, forward proxy, or reverse proxy) | See Mitigation section for instructions to disable SSLv2. 
\nCVE-2016-0702, CVE-2016-0797 | 6.6 | Upgrade to 6.6.4.3. \n6.5 | Upgrade to 6.5.9.8. \nCVE-2016-0799, CVE-2016-2842 | 6.6 | Upgrade to 6.6.4.1. \n6.5 | Upgrade to 6.5.9.8. \nCVE-2016-0705, CVE-2016-0798 | 6.6 (not vulnerable to known vectors of attack) | Upgrade to 6.6.5.13. \n6.5 (not vulnerable to known vectors of attack) | Upgrade to 6.5.10.4. \n \n \n\n**Reporter** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.4.1. \n9.5 | Upgrade to 9.5.3.1. \n9.4 | Upgrade to later release with fixes. \nCVE-2016-0703, CVE-2016-0704 | 10.1 and later | Not vulnerable, fixed in 10.1.1.1 \n9.5 | Upgrade to 9.5.3.1. \n9.4 | Upgrade to later release with fixes. \nCVE-2016-0705 | 10.2 | Not vulnerable, fixed in 10.2.1.1 \n10.1 (not vulnerable to known vectors of attack) | Upgrade to 10.1.4.1. \n9.5 (not vulnerable to known vectors of attack) | Upgrade to 9.5.3.1. \n9.4 | Not vulnerable \nCVE-2016-0797 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.4.1. \n9.5 | Upgrade to 9.5.3.1. \n9.4 | Upgrade to later release with fixes. \nCVE-2016-0798 | 10.1 and later | Not vulnerable \n9.5 (not vulnerable to known vectors of attack) | Upgrade to 9.5.3.1. \n9.4 | Not vulnerable \nCVE-2016-0799, CVE-2016-2842 | 10.2 and later | Not vulnerable, fixed in 10.2.1.1 \n10.1 | Upgrade to 10.1.4.2. \n9.5 | Upgrade to 9.5.3.1. \n9.4 | Upgrade to later release with fixes. \nCVE-2016-0800 | 9.4, 9.5 | See Mitigation section for instructions to disable SSLv2. \n \n \n\n**Security Analytics** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nAll CVEs | 7.2 and later | Not vulnerable, fixed in 7.2.1. \nCVE-2016-0702, CVE-2016-0705, \nCVE-2016-0797, CVE-2016-0798 | 7.1 | Upgrade to 7.1.11. \n7.0 | Upgrade to later release with fixes. \n6.6 | Upgrade to 6.6.12. 
\nCVE-2016-0799, CVE-2016-2842 | 7.1 | Apply patch RPM from customer support. \n7.0 | Upgrade to later release with fixes. \n6.6 | Apply patch RPM from customer support. \n \n \n\n**SSL Visibility** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0797, CVE-2016-0799, \nCVE-2016-2842 | 3.10 and later | Not vulnerable, fixed in 3.10.1.1 \n3.9 | Upgrade to 3.9.3.6 \n3.8.4FC | Upgrade to later release with fixes. \n3.8 | Upgrade to later release with fixes. \n \n \n\n**Unified Agent** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2016-0702, CVE-2016-0797, \nCVE-2016-0799, CVE-2016-2842 | 4.7 and later | Not vulnerable, fixed in 4.7.1 \n4.6 | Upgrade to later release with fixes. \n4.1 | Upgrade to later release with fixes. \n \n \n\n**X-Series XOS** \n--- \n**CVE** | **Affected Version(s)** | **Remediation** \nCVE-2015-0705, CVE-2016-0797 | 11.0 | Upgrade to 11.0.2 \n10.0 | Upgrade to 10.0.6 \n9.7 | Upgrade to later release with fixes. \nCVE-2016-0703, CVE-2016-0704, \nCVE-2016-0800 | 11.0 (not vulnerable to known vectors of attack) | 11.0.2 \n10.0 (not vulnerable to known vectors of attack) | 10.0.6 \n9.7 | Upgrade to later release with fixes. \nCVE-2016-0702, CVE-2016-0799, \nCVE-2016-2842 | 10.0, 11.0 | Not available at this time. \n9.7 | Upgrade to later release with fixes. \n \n### \nADDITIONAL PRODUCT INFORMATION\n\nBlue Coat products may act as both client and server in SSL/TLS connections, and may use application functionality for cryptographic operations. Blue Coat products act as a client when connecting to Blue Coat services such as WebPulse, DRTR, and licensing and subscription services. 
Products should be considered vulnerable in all interfaces that provide SSL/TLS connections for data and management interfaces unless the CVE is specific to SSL/TLS client or server functionality (as noted in the descriptions above) or unless otherwise stated below:\n\n * **ASG:** CVE-2016-0800 (DROWN) only affects management connections, the forward proxy service, and the reverse proxy service.\n * **CacheFlow:** CVE-2016-0800 (DROWN) only affects management connections.\n * **CAS:** CVE-2016-0800 (DROWN) only affects management connections and connections to the secure ICAP server.\n * **IntelligenceCenter: **CVE-2016-0800 (DROWN) only affects management connections.\n * **MTD:** CVE-2016-0800 (DROWN) only affects management connections.\n * **PacketShaper S-Series: **CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800 (DROWN) only affect management connections.\n * **PolicyCenter S-Series: **CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800 (DROWN) only affect management connections.\n * **ProxyAV:** CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800 (DROWN) only affect management connections and connections to the secure ICAP server.\n * **ProxySG:** CVE-2016-0800 (DROWN) affects management connections, the forward proxy service, and the reverse proxy service.\n * **XOS:** CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800 (DROWN) only affect management connections.\n\nBlue Coat products that use a native installation of OpenSSL but do not install or maintain that implementation are not vulnerable to any of these CVEs. However, the underlying platform or application that installs and maintains OpenSSL may be vulnerable. Blue Coat urges our customers to update the versions of OpenSSL that are natively installed for Client Connector for OS X, Proxy Client for OS X, and Reporter 9.x for Linux.\n\nBlue Coat products do not enable or use all functionality within OpenSSL. 
The products listed below do not utilize the functionality described in the CVEs below and are thus not known to be vulnerable to them. However, fixes for these CVEs will be included in the patches that are provided.\n\n * **ASG:** CVE-2016-0702 (CacheBleed), CVE-2016-0705, and CVE-2016-0798\n * **Android Mobile Agent:** CVE-2016-0705 and CVE-2016-0798\n * **CacheFlow:** CVE-2016-0702 (CacheBleed), CVE-2016-0705, and CVE-2016-0798\n * **Client Connector for Windows:** CVE-2016-0705\n * **CAS:** CVE-2016-0702 (CacheBleed)\n * **MTD:** CVE-2016-0702 (CacheBleed) and CVE-2016-0800 (DROWN)\n * **MAA:** CVE-2016-0705 and CVE-2016-0798\n * **MC:** CVE-2016-0702 (CacheBleed), CVE-2016-0705, and CVE-2016-0800 (DROWN).\n * **ICSP:** CVE-2016-0705 and CVE-2016-0798\n * **NNP:** CVE-2016-0705 and CVE-2016-0798\n * **NSP:** CVE-2016-0705 and CVE-2016-0798\n * **PacketShaper:** CVE-2016-0705 and CVE-2016-0798\n * **PolicyCenter:** CVE-2016-0705 and CVE-2016-0798\n * **ProxyAV:** CVE-2016-0702 (CacheBleed) and CVE-2016-0798\n * **ProxyClient for Windows:** CVE-2016-0705\n * **ProxySG:** CVE-2016-0705 and CVE-2016-0798\n * **Reporter:** CVE-2016-0702 (9.4 and 9.5), CVE-2016-0705 (9.5 and 10.1), and CVE-2016-0798 (9.5 and 10.1)\n * **SSLV:** CVE-2016-0702 (CacheBleed), CVE-2016-0705, and CVE-2016-0798\n * **Unified Agent:** CVE-2016-0705 (4.1 and 4.6) and CVE-2016-0798 (4.6 only)\n * **XOS:** CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800 (DROWN)\n\nThe following products are not vulnerable: \n**AuthConnector \nBlue Coat HSM Agent for the Luna SP \nCloud Data Protection for Salesforce \nCloud Data Protection for Salesforce Analytics \nCloud Data Protection for ServiceNow \nCloud Data Protection for Oracle CRM On Demand \nCloud Data Protection for Oracle Field Service Cloud \nCloud Data Protection for Oracle Sales Cloud \nCloud Data Protection Integration Server \nCloud Data Protection Communication Server \nCloud Data Protection Policy Builder \nGeneral Auth Connector Login 
Application \nK9 \nProxyAV ConLog and ConLogXP \nWeb Isolation**\n\nBlue Coat no longer provides vulnerability information for the following products:\n\n**DLP** \nPlease, contact Digital Guardian technical support regarding vulnerability information for DLP.\n\nThe following products are under investigation: \n**IntelligenceCenter Data Collector \n \n**\n\n### ISSUES\n\n**CVE-2016-0702 (CacheBleed)** \n--- \n**Severity / CVSSv2** | Low / 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: NVD: [CVE-2016-0702](<https://nvd.nist.gov/vuln/detail/CVE-2016-0702>) \n**Impact** | Information disclosure \n**Description** | A flaw in the modular exponentiation implementation allows a local attacker controlling a processing thread running on an Intel Sandy Bridge CPU hyper-threaded core to use cache bank conflicts to recover RSA keys from another thread performing RSA operations on the same CPU core. \n \n \n\n**CVE-2016-0703** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 83743](<https://www.securityfocus.com/bid/83743>) / NVD: [CVE-2016-0703](<https://nvd.nist.gov/vuln/detail/CVE-2016-0703>) \n**Impact** | Information disclosure \n**Description** | A flaw in the SSLv2 server module allows a remote man-in-the-middle (MITM) attacker to intercept an SSLv2 handshake and perform an oracle attack against the SSLv2 server to recover the session master secret. The attacker can use the master secret to decrypt and modify the encrypted data in the live SSLv2 session. This attack is a more efficient variant of the DROWN attack (CVE-2016-0800) that does not require the affected server to support export-grade cipher suites. 
\n \n \n\n**CVE-2016-0704** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 83764](<https://www.securityfocus.com/bid/83764>) / NVD: [CVE-2016-0704](<https://nvd.nist.gov/vuln/detail/CVE-2016-0704>) \n**Impact** | Information disclosure \n**Description** | A flaw in the SSLv2 server module allows a remote MITM attacker to intercept an SSLv2 handshake and perform an oracle attack against the SSLv2 server to recover the session master secret. The attacker can use the master secret to decrypt and modify the encrypted data in the live SSLv2 session. This attack is a more efficient variant of the DROWN attack (CVE-2016-0800) that does not require the affected server to support export-grade cipher suites. \n \n \n\n**CVE-2016-0705** \n--- \n**Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 83754](<https://www.securityfocus.com/bid/83754>) / NVD: [CVE-2016-0705](<https://nvd.nist.gov/vuln/detail/CVE-2016-0705>) \n**Impact** | Denial of service \n**Description** | A flaw in DSA private key parsing allows a remote attacker to send a malformed DSA private key to the target and cause memory corruption, resulting in an application crash and denial of service. \n \n \n\n**CVE-2016-0797** \n--- \n**Severity / CVSSv2** | Medium / 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**References** | SecurityFocus: [BID 83763](<https://www.securityfocus.com/bid/83763>) / NVD: [CVE-2016-0797](<https://nvd.nist.gov/vuln/detail/CVE-2016-0797>) \n**Impact** | Denial of service, code execution \n**Description** | A flaw in large number binary conversion allows a remote attacker to send a large decimal or hexadecimal number to the target and cause memory corruption. This attack can result in denial of service through an application crash, or possible arbitrary code execution. 
\n \n \n\n**CVE-2016-0798** \n--- \n**Severity / CVSSv2** | High / 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) \n**References** | SecurityFocus: [BID 83705](<https://www.securityfocus.com/bid/83705>) / NVD: [CVE-2016-0798](<https://nvd.nist.gov/vuln/detail/CVE-2016-0798>) \n**Impact** | Denial of service \n**Description** | A flaw in SRP user lookups allows a remote attacker to connect to an SRP server with an invalid SRP user name and cause a memory leak on the server, resulting in an application crash and denial of service. \n \n \n\n**CVE-2016-0799** \n--- \n**Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 83755](<https://www.securityfocus.com/bid/83755>) / NVD: [CVE-2016-0799](<https://nvd.nist.gov/vuln/detail/CVE-2016-0799>) \n**Impact** | Denial of service \n**Description** | A flaw in string formatting during large string input/output allows a remote attacker to send a large string to the target and cause illegal memory accesses, resulting in an application crash and denial of service. \n \n \n\n**CVE-2016-0800 (DROWN)** \n--- \n**Severity / CVSSv2** | Medium / 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**References** | SecurityFocus: [BID 83733](<https://www.securityfocus.com/bid/83733>) / NVD: [CVE-2016-0800](<https://nvd.nist.gov/vuln/detail/CVE-2016-0800>) \n**Impact** | Information disclosure \n**Description** | A padding oracle flaw in the SSLv2 protocol allows a remote attacker to decrypt passively captured sessions to a TLSv1.x server if the server uses the same RSA private key as a server that supports SSLv2 and export-grade cipher suites. 
\n \n \n\n**CVE-2016-2842** \n--- \n**Severity / CVSSv2** | High / 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \n**References** | SecurityFocus: [BID 84169](<https://www.securityfocus.com/bid/84169>) / NVD: [CVE-2016-2842](<https://nvd.nist.gov/vuln/detail/CVE-2016-2842>) \n**Impact** | Denial of service \n**Description** | A flaw in memory allocation during large string input/output allows a remote attacker to send a large string to the target and cause illegal memory accesses, resulting in an application crash and denial of service. \n \n### \nMITIGATION\n\nBlue Coat's ProxySG appliance can be used to prevent the DROWN attacks using CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800. Customers using ProxySG as a forward proxy can protect TLS servers by blocking SSLv2 flows. ProxySG 6.5 and 6.6 customers can use the following CPL syntax:\n \n \n <SSL>\n client.connection.negotiated_ssl_version=SSLV2 deny\n <SSL>\n server.connection.negotiated_ssl_version=SSLV2 deny\n \n\nCVE-2016-0800 (DROWN) can be remediated on ASG and ProxySG by disabling SSLv2 for the HTTPS management console and reverse proxy service. SSLv2 cannot be disabled for HTTPS forward proxy deployments, but SSLv2 connections can be blocked using the CPL syntax above.\n\nCVE-2016-0800 (DROWN) can be remediated on CacheFlow by ensuring that SSLv2 is disabled for the management console. Customers should use the following steps in config mode to limit the SSL/TLS versions used by the management console to TLSv1.1 and TLSv1.2:\n \n \n management-services\n edit HTTPS-Console\n attribute ssl-versions tlsv1.1v1.2\n exit\n exit\n \n\nCVE-2016-0800 (DROWN) can be remediated on CAS by ensuring that SSLv2 is disabled for the secure ICAP server. To view the enabled SSL/TLS protocols, access the CAS management console and navigate to the \"Settings > ICAP\" page. 
Deselect SSLv2 under \"TLS Settings\" and save the changes.\n\nCVE-2016-0800 (DROWN) can be remediated on ProxyAV by disabling SSLv2 for SSL clients, the management console and the secure ICAP server. To view the enabled SSL/TLS protocols, access the ProxyAV management console. Navigate to \"Advanced/SSL Client\" for the SSL client settings, \"Network\" for the management console settings and \"ICAP Settings\" for the secure ICAP server settings. Deselect SSLv2 under \"SSL protocols\" and save the changes on each of these pages.\n\nCVE-2016-0800 (DROWN) can be remediated on Reporter 9.5 by disabling SSLv2 for the management console. To view the enabled SSL/TLS protocols, access the /settings/preferences.cfg file in the Reporter 9.5 installation directory. Ensure that the following line is set to \"false\":\n \n \n ssl_v2=\"false\"\n \n\nBy default Director does not enable SSLv2 for management connections. Customers who do not change this default behavior prevent attacks against Director using CVE-2016-0800 (DROWN). \n \n\n\n### REFERENCES\n\nOpenSSL Security Advisory - <https://www.openssl.org/news/secadv/20160301.txt> \nDROWN: Breaking TLS using SSLv2 - <https://drownattack.com/> \nCacheBleed: A Timing Attack on OpenSSL Constant Time RSA - <http://ssrg.nicta.com.au/projects/TS/cachebleed/> \n \n\n### REVISION\n\n2020-04-22 Advisory status moved to Closed. \n2019-10-02 Web Isolation is not vulnerable. \n2019-09-07 Updated vulnerability information for Reporter. \n2019-08-20 A fix for IntelligenceCenter (IC) 3.3 will not be provided. NetDialog NetX is a replacement product for IntelligenceCenter. Please switch to a version of NetX with the vulnerability fixes. \n2018-09-24 A fix for SSLV 3.8.4FC will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes. 
\n2018-04-22 CAS 2.3 is vulnerable to CVE-2016-0800 (DROWN) when SSLv2 is enabled for the secure ICAP server. A fix will not be provided. Disabling SSLv2 in the secure ICAP server prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. PacketShaper S-Series 11.10 is not vulnerable. \n2017-05-19 CAS 2.2 is vulnerable to CVE-2016-0800 (DROWN) when SSLv2 is enabled for the secure ICAP server. A fix will not be provided. Disabling SSLv2 in the secure ICAP server prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. \n2017-11-06 ASG 6.7 is vulnerable to CVE-2016-0800 (DROWN) when SSLv2 is enabled. A fix will not be provided. Disabling SSLv2 for the management console, forward proxy service, and reverse proxy service prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. \n2017-11-05 A fix for CVE-2015-0705 and CVE-2015-0798 in ASG 6.6 and ProxySG 6.6 is available in 6.6.5.13. \n2017-08-02 SSLV 4.1 is not vulnerable. \n2017-07-24 PacketShaper S-Series 11.9 is not vulnerable. \n2017-07-21 Reporter 9.4, 9.5, and 10.1 are vulnerable to CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Reporter 9.4 and 9.5 are also vulnerable to CVE-2016-0702, CVE-2016-0703, CVE-2016-0704. Reporter 9.4 and 9.5 are also vulnerable to CVE-2016-0800 (DROWN) when SSLv2 is enabled for the management console. A fix for all CVEs except CVE-2016-0800 (DROWN) in Reporter 9.5 is available in 9.5.3. A fix for CVE-2016-0800 (DROWN) will not be provided. Disabling SSLv2 for the management console prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. A fix for Reporter 10.1 is available in 10.1.4.2. \n2017-07-20 MC 1.10 is not vulnerable. \n2017-07-12 A fix for CVE-2016-0800 in CacheFlow will not be provided. 
Disabling SSLv2 for the management console prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. \n2017-06-30 A fix for the remaining CVE-2016-0705 and CVE-2016-0798 in ProxySG 6.5 is available in 6.5.10.4. \n2016-06-30 A fix for ProxyAV 3.5 is available in 3.5.4.2. \n2017-06-22 Security Analytics 7.3 is not vulnerable. \n2017-06-05 PacketShaper S-Series 11.8 is not vulnerable. \n2017-05-19 CAS 2.1 is vulnerable to CVE-2016-0800 (DROWN) when SSLv2 is enabled for the secure ICAP server. A fix will not be provided. Disabling SSLv2 in the secure ICAP server prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. \n2017-04-29 A fix for CVE-2016-0705 and CVE-2016-0798 in CacheFlow 3.4 is available in 3.4.2.8. \n2017-03-30 MC 1.9 is not vulnerable. \n2017-03-29 A fix for all CVEs except CVE-2016-0705 and CVE-2016-0798 in ASG 6.6 is available in 6.6.5.4. \n2017-03-06 MC 1.8 is not vulnerable. SSLV 4.0 is not vulnerable. ProxySG 6.7 is vulnerable to CVE-2016-0800 (DROWN) when SSLv2 is enabled for the management console, forward proxy service, or reverse proxy service. A fix will not be provided. Disabling SSLv2 for the management console, forward proxy service, and reverse proxy service prevents attacks using CVE-2016-0800 (DROWN). \n2017-02-07 A fix for Android Mobile Agent is available in 1.3.8. \n2016-11-29 A fix for Director is available in 6.1.22.1. PacketShaper S-Series 11.7 is not vulnerable. SSLV 3.11 is not vulnerable. Customers should contact Digital Guardian regarding vulnerability information for DLP. A fix for CVE-2016-0800 (DROWN) will not be provided for ProxySG 6.5 and 6.6. Disabling SSLv2 for the management console, forward proxy service, and reverse proxy service prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. 
\n2016-11-17 Cloud Data Protection for Oracle Field Service Cloud is not vulnerable. \n2016-11-11 SSLV 3.10 is not vulnerable. \n2016-11-03 MC 1.5 has vulnerable code for CVE-2016-0800 (DROWN), but is not vulnerable to known vectors of attack. A fix for MC 1.5 will not be provided. A fix for MC 1.6 is available in 1.6.1.1. MC 1.7 is not vulnerable. \n2016-11-03 A fix for PacketShaper 9.2 is available in 9.2.13p2. A fix for PolicyCenter 9.2 is available in 9.2.13p2. \n2016-08-19 A fix for CVE-2016-0702 (CacheBleed), CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842 in CacheFlow is available in 3.4.2.7. \n2016-08-12 A fix for all CVEs except CVE-2016-0800 (DROWN) in CAS 1.3 is available in 1.3.7.1. A fix for CVE-2016-0800 (DROWN) will not be provided. Disabling SSLv2 in the secure ICAP server prevents attacks using CVE-2016-0800 (DROWN). See Workarounds section for instructions how to disable SSLv2. Security Analytics 7.2 is not vulnerable. \n2016-08-10 A fix for Unified Agent is available in 4.7.1. CacheFlow 3.4 has vulnerable code for CVE-2016-0702 (CacheBleed), but is not vulnerable to known vectors of attack. \n2016-07-25 Corrected the outstanding fixes for ProxySG 6.6 in the Patches section. \n2016-07-23 A fix for CVE-2016-0702 and CVE-2016-0797 in ProxySG 6.6 is available in 6.6.4.3 \n2016-07-16 It was previously reported that XOS is vulnerable to CVE-2016-0703, CVE-2016-0704, and CVE-2016-0800 (DROWN). Further investigation has shown that XOS only has vulnerable code for those CVEs, but is not vulnerable to known vectors of attack. Fixes for CVE-2016-0703, CVE-2016-0704, CVE-2015-0705, CVE-2016-0797, and CVE-2016-0800 (DROWN) are available in XOS 10.0.6 and 11.0.2. \n2016-06-30 PacketShaper S-Series 11.6 is not vulnerable. \n2016-06-28 Fixes for PacketShaper S-Series 11.2, 11.3, and 11.4 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2016-06-27 A fix for Client Connector will not be provided. 
Please upgrade to the latest version of Unified Agent with the vulnerability fixes. \n2016-06-24 A fix for all CVEs in PacketShaper S-Series is available in 11.5.3.2. A fix for all CVEs in PolicyCenter S-Series is available in 1.1.2.2. \n2016-06-21 It was previously reported that a fix for CVE-2016-0702 (CacheBleed) and CVE-2016-0797 for ProxySG 6.6 is provided in 6.6.4.1. Further investigation has shown that ProxySG 6.6 is still vulnerable to these CVEs. \n2016-06-21 A fix for CVE-2016-0702 (CacheBleed), CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842 in ProxySG 6.6 is available in 6.6.4.1. A fix for the other CVEs is not available at this time. \n2016-06-14 A fix for SA 7.0 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2016-06-13 Fixes for ICSP, NNP, and NSP are available in 5.3.6. \n2016-06-11 A fix for CVE-2016-0702 (CacheBleed), CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842 in ProxySG 6.5 is available in 6.5.9.8. A fix for the other CVEs is not available at this time. \n2016-06-07 A fix for SSLV 3.9 is available in 3.9.3.6. No version of SSLV is vulnerable to CVE-2016-0800 (DROWN). \n2016-06-03 A fix for MAA is available in 4.2.9. \n2016-05-25 The remaining fixes for Security Analytics 6.6 and 7.1 are available through a patch RPM from Blue Coat Support. \n2016-05-17 Security Analytics 6.6, 7.0 and 7.1 are vulnerable and partial fixes are available in 6.6.12 and 7.1.11. \n2016-05-12 A fix for SSLV 3.8 will not be provided. Please upgrade to a later version with the vulnerability fixes. \n2016-05-11 No Cloud Data Protection products are vulnerable. \n2016-04-28 Fixes for CVE-2016-0702 (CacheBleed), CVE-2016-0705, CVE-2016-0797, and CVE-2016-0800 (DROWN) are available in PS S-Series 11.5.3.1 and PC S-Series 1.1.2.1. \n2016-04-25 MTD 1.1 is vulnerable to and has vulnerable code for multiple CVEs. A partial fix is available in MTD 1.1.2.1. 
\n2016-04-21 PacketShaper S-Series and PolicyCenter S-Series are not vulnerable to CVE-2016-0703 and CVE-2016-0704. \n2016-04-15 A fix will not be provided for CAS 1.2. Please upgrade to a later version with the vulnerability fixes. \n2016-04-12 Updated CVSS v2 scores to match the scores in the National Vulnerability Database. Added CVE-2016-2842 as a vulnerability independent of CVE-2016-0799. \n2016-03-07 initial public release\n", "modified": "2020-04-22T21:25:17", "published": "2016-03-07T07:00:00", "id": "SMNTC-1351", "href": "", "type": "symantec", "title": "SA117 : OpenSSL Vulnerabilities 1-Mar-2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:18", "bulletinFamily": "unix", "cvelist": ["CVE-2015-0813", "CVE-2012-2808", "CVE-2015-0812", "CVE-2015-0811", "CVE-2015-0810", "CVE-2015-0808", "CVE-2015-0816", "CVE-2015-0805", "CVE-2015-0802", "CVE-2015-0815", "CVE-2015-0807", "CVE-2015-0804", "CVE-2015-0801", "CVE-2015-0800", "CVE-2015-0803", "CVE-2015-0814", "CVE-2015-0806"], "description": "\nThe Mozilla Project reports:\n\nMFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0\n\t / rv:31.6)\nMFSA-2015-31 Use-after-free when using the Fluendo MP3\n\t GStreamer plugin\nMFSA-2015-32 Add-on lightweight theme installation\n\t approval bypassed through MITM attack\nMFSA-2015-33 resource:// documents can load privileged\n\t pages\nMFSA-2015-34 Out of bounds read in QCMS library\nMFSA-2015-35 Cursor clickjacking with flash and images\nMFSA-2015-36 Incorrect memory management for simple-type\n\t arrays in WebRTC\nMFSA-2015-37 CORS requests should not follow 30x\n\t redirections after preflight\nMFSA-2015-38 Memory corruption crashes in Off Main Thread\n\t Compositing\nMFSA-2015-39 Use-after-free due to type confusion flaws\nMFSA-2015-40 Same-origin bypass through anchor navigation\nMFSA-2015-41 PRNG weakness allows for DNS poisoning on\n\t Android\nMFSA-2015-42 Windows can retain access to 
privileged\n\t content on navigation to unprivileged pages\n\n", "edition": 4, "modified": "2015-03-31T00:00:00", "published": "2015-03-31T00:00:00", "id": "D0C97697-DF2C-4B8B-BFF2-CEC24DC35AF8", "href": "https://vuxml.freebsd.org/freebsd/d0c97697-df2c-4b8b-bff2-cec24dc35af8.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-07T10:50:15", "description": "The Mozilla Project reports :\n\nMFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)\n\nMFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer\nplugin\n\nMFSA-2015-32 Add-on lightweight theme installation approval bypassed\nthrough MITM attack\n\nMFSA-2015-33 resource:// documents can load privileged pages\n\nMFSA-2015-34 Out of bounds read in QCMS library\n\nMFSA-2015-35 Cursor clickjacking with flash and images\n\nMFSA-2015-36 Incorrect memory management for simple-type arrays in\nWebRTC\n\nMFSA-2015-37 CORS requests should not follow 30x redirections after\npreflight\n\nMFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing\n\nMFSA-2015-39 Use-after-free due to type confusion flaws\n\nMFSA-2015-40 Same-origin bypass through anchor navigation\n\nMFSA-2015-41 PRNG weakness allows for DNS poisoning on Android\n\nMFSA-2015-42 Windows can retain access to privileged content on\nnavigation to unprivileged pages", "edition": 22, "published": "2015-04-01T00:00:00", "title": "FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0813", "CVE-2012-2808", "CVE-2015-0812", "CVE-2015-0811", "CVE-2015-0810", "CVE-2015-0808", "CVE-2015-0816", "CVE-2015-0805", "CVE-2015-0802", "CVE-2015-0815", "CVE-2015-0807", "CVE-2015-0804", "CVE-2015-0801", "CVE-2015-0800", "CVE-2015-0803", "CVE-2015-0814", "CVE-2015-0806"], "modified": "2015-04-01T00:00:00", "cpe": 
["p-cpe:/a:freebsd:freebsd:linux-thunderbird", "p-cpe:/a:freebsd:freebsd:linux-firefox", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:libxul", "p-cpe:/a:freebsd:freebsd:seamonkey", "p-cpe:/a:freebsd:freebsd:linux-seamonkey", "p-cpe:/a:freebsd:freebsd:firefox", "p-cpe:/a:freebsd:freebsd:thunderbird", "p-cpe:/a:freebsd:freebsd:firefox-esr"], "id": "FREEBSD_PKG_D0C97697DF2C4B8BBFF2CEC24DC35AF8.NASL", "href": "https://www.tenable.com/plugins/nessus/82482", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82482);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2808\", \"CVE-2015-0800\", \"CVE-2015-0801\", \"CVE-2015-0802\", \"CVE-2015-0803\", \"CVE-2015-0804\", \"CVE-2015-0805\", \"CVE-2015-0806\", \"CVE-2015-0807\", \"CVE-2015-0808\", \"CVE-2015-0810\", \"CVE-2015-0811\", \"CVE-2015-0812\", \"CVE-2015-0813\", \"CVE-2015-0814\", \"CVE-2015-0815\", \"CVE-2015-0816\");\n\n script_name(english:\"FreeBSD : mozilla -- multiple vulnerabilities (d0c97697-df2c-4b8b-bff2-cec24dc35af8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Mozilla Project reports :\n\nMFSA-2015-30 Miscellaneous memory safety hazards (rv:37.0 / rv:31.6)\n\nMFSA-2015-31 Use-after-free when using the Fluendo MP3 GStreamer\nplugin\n\nMFSA-2015-32 Add-on lightweight theme installation approval bypassed\nthrough MITM attack\n\nMFSA-2015-33 resource:// documents can load privileged pages\n\nMFSA-2015-34 Out of bounds read in QCMS library\n\nMFSA-2015-35 Cursor clickjacking with flash and images\n\nMFSA-2015-36 Incorrect memory management for 
simple-type arrays in\nWebRTC\n\nMFSA-2015-37 CORS requests should not follow 30x redirections after\npreflight\n\nMFSA-2015-38 Memory corruption crashes in Off Main Thread Compositing\n\nMFSA-2015-39 Use-after-free due to type confusion flaws\n\nMFSA-2015-40 Same-origin bypass through anchor navigation\n\nMFSA-2015-41 PRNG weakness allows for DNS poisoning on Android\n\nMFSA-2015-42 Windows can retain access to privileged content on\nnavigation to unprivileged pages\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-30/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-31/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-32/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-33/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-34/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-35/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-35/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-36/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-37/\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-38/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-39/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-40/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-41/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/\"\n );\n # https://www.mozilla.org/security/advisories/mfsa2015-42/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/\"\n );\n # https://www.mozilla.org/security/advisories/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/\"\n );\n # https://vuxml.freebsd.org/freebsd/d0c97697-df2c-4b8b-bff2-cec24dc35af8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fb120cc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Firefox PDF.js Privileged Javascript Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:firefox-esr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libxul\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:seamonkey\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:thunderbird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"firefox<37.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"firefox-esr<31.6.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-firefox<37.0,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-seamonkey<2.34\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-thunderbird<31.6.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"seamonkey<2.34\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"thunderbird<31.6.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"libxul<31.6.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-0813", "CVE-2012-2808", "CVE-2015-0812", "CVE-2015-0811", "CVE-2015-0810", "CVE-2015-0799", "CVE-2015-0808", "CVE-2015-0816", "CVE-2015-0798", "CVE-2015-0802", "CVE-2015-0815", "CVE-2015-0807", "CVE-2015-0804", "CVE-2015-0801", "CVE-2015-0800", "CVE-2015-0803", "CVE-2015-0814", "CVE-2015-0806", "CVE-2015-2706"], "description": "Certificate check bypass, code execution, restrictions bypass, memory corruptions.", "edition": 1, "modified": "2015-04-08T00:00:00", "published": "2015-04-08T00:00:00", "id": 
"SECURITYVULNS:VULN:14355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14355", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}