Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3688.NASL
HistoryOct 06, 2016 - 12:00 a.m.

Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)

2016-10-0600:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.

  • CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS).

  • CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution.

  • CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections.

  • CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS.
    However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue.

  • CVE-2016-1978 Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences.

  • CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact.

  • CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS.

In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges.

This update contains further correctness and stability fixes without immediate security impact.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3688. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93871);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id(
    "CVE-2015-4000",
    "CVE-2015-7181",
    "CVE-2015-7182",
    "CVE-2015-7575",
    "CVE-2016-1938",
    "CVE-2016-1950",
    "CVE-2016-1978",
    "CVE-2016-1979",
    "CVE-2016-2834"
  );
  script_xref(name:"DSA", value:"3688");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Several vulnerabilities were discovered in NSS, the cryptography
library developed by the Mozilla project.

  - CVE-2015-4000
    David Adrian et al. reported that it may be feasible to
    attack Diffie-Hellman-based cipher suites in certain
    circumstances, compromising the confidentiality and
    integrity of data encrypted with Transport Layer
    Security (TLS).

  - CVE-2015-7181 CVE-2015-7182 CVE-2016-1950
    Tyson Smith, David Keeler, and Francis Gabriel
    discovered heap-based buffer overflows in the ASN.1 DER
    parser, potentially leading to arbitrary code execution.

  - CVE-2015-7575
    Karthikeyan Bhargavan discovered that TLS client
    implementation accepted MD5-based signatures for TLS 1.2
    connections with forward secrecy, weakening the intended
    security strength of TLS connections.

  - CVE-2016-1938
    Hanno Boeck discovered that NSS miscomputed the result
    of integer division for certain inputs. This could
    weaken the cryptographic protections provided by NSS.
    However, NSS implements RSA-CRT leak hardening, so RSA
    private keys are not directly disclosed by this issue.

  - CVE-2016-1978
    Eric Rescorla discovered a use-after-free vulnerability
    in the implementation of ECDH-based TLS handshakes, with
    unknown consequences.

  - CVE-2016-1979
    Tim Taubert discovered a use-after-free vulnerability in
    ASN.1 DER processing, with application-specific impact.

  - CVE-2016-2834
    Tyson Smith and Jed Davis discovered unspecified
    memory-safety bugs in NSS.

In addition, the NSS library did not ignore environment variables in
processes which underwent a SUID/SGID/AT_SECURE transition at process
start. In certain system configurations, this allowed local users to
escalate their privileges.

This update contains further correctness and stability fixes without
immediate security impact.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583651");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2015-4000");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2015-7181");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2015-7182");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-1950");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2015-7575");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-1938");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-1978");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-1979");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2016-2834");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/nss");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2016/dsa-3688");
  script_set_attribute(attribute:"solution", value:
"Upgrade the nss packages.

For the stable distribution (jessie), these problems have been fixed
in version 2:3.26-1+debu8u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nss");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libnss3", reference:"2:3.26-1+debu8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libnss3-1d", reference:"2:3.26-1+debu8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libnss3-dbg", reference:"2:3.26-1+debu8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libnss3-dev", reference:"2:3.26-1+debu8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libnss3-tools", reference:"2:3.26-1+debu8u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxnssp-cpe:/a:debian:debian_linux:nss
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

References

Related

debian 4
openvas 42
osv 4
nessus 46
oraclelinux 6
ibm 25
symantec 2
ubuntu 4
archlinux 1
redhat 9
amazon 3
centos 6
freebsd 3
veracode 7
slackware 1
mozilla 4
f5 8
gentoo 1
cve 6
ubuntucve 4
debiancve 6
prion 5
redhatcve 1
mageia 1
debian
debian
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
[SECURITY] [DLA 480-1] nss security update
2016-05-18 18:34:37
[SECURITY] [DLA 354-1] nss security update
2015-11-29 16:36:27
openvas
openvas
Debian Security Advisory DSA 3688-1 (nss - security update)
2016-10-05 00:00:00
Debian Security Advisory DSA 3688-1 (nss - security update)
2016-10-05 00:00:00
Ubuntu Update for nss USN-2791-1
2015-11-05 00:00:00
osv
osv
nss - security update
2016-10-05 00:00:00
nss - security update
2016-05-18 00:00:00
nss - security update
2015-11-29 00:00:00
nessus
nessus
Debian DLA-480-1 : nss security update
2016-05-19 00:00:00
Debian DLA-354-1 : nss security update
2015-11-30 00:00:00
Ubuntu 14.04 LTS : NSS vulnerabilities (USN-2791-1)
2015-11-05 00:00:00
oraclelinux
oraclelinux
nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
nss, nss-util, and nspr security update
2015-11-04 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager
2018-06-16 21:41:47
Security Bulletin: Vulnerabilities in Mozilla Firefox Network Security Services affect PowerKVM (CVE-2016-1978,CVE-2016-1979)
2018-06-18 01:32:18
Security Bulletin: IBM Security Access Manager for Mobile is affected by vulnerabilities in nss, nss-util, and nspr (CVE-2016-1978, CVE-2016-1979)
2018-06-16 21:44:35
symantec
symantec
SA119 : Multiple NSS Vulnerabilities
2016-03-22 08:00:00
SA124 : NSS Vulnerabilities March 2016
2016-06-07 08:00:00
ubuntu
ubuntu
NSS vulnerabilities
2015-11-04 00:00:00
Thunderbird vulnerabilities
2016-05-19 00:00:00
NSS vulnerability
2016-07-11 00:00:00
archlinux
archlinux
nss: arbitrary code execution
2015-11-06 00:00:00
redhat
redhat
(RHSA-2016:0591) Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
(RHSA-2016:0684) Moderate: nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
(RHSA-2016:0685) Moderate: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
2016-04-25 11:11:50
amazon
amazon
Medium: nspr, nss-util, nss, nss-softokn
2016-05-18 14:00:00
Critical: nspr, nss-util, nss, jss
2015-11-05 01:58:00
Critical: nss-util
2016-03-10 16:30:00
centos
centos
nspr, nss security update
2016-04-25 13:19:01
nspr, nss security update
2016-04-25 17:49:11
nspr, nss security update
2016-04-05 12:27:24
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-03-08 00:00:00
NSS -- multiple vulnerabilities
2016-01-26 00:00:00
NSS -- multiple vulnerabilities
2016-06-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:43:34
Arbitrary Code Execution
2019-05-02 05:43:35
Denial Of Service (DoS)
2019-01-15 09:08:13
slackware
slackware
[slackware-security] mozilla-nss
2015-11-06 17:08:58
mozilla
mozilla
NSS and NSPR memory corruption issues — Mozilla
2015-11-03 00:00:00
Use-after-free in NSS during SSL connections in low memory — Mozilla
2016-01-26 00:00:00
Use-after-free during processing of DER encoded keys in NSS — Mozilla
2016-03-08 00:00:00
f5
f5
SOL31372672 - Mozilla NSS vulnerabilities CVE-2015-7181, CVE-2015-7182, and CVE-2015-7183
2015-12-09 00:00:00
K31372672 : Mozilla NSS vulnerabilities CVE-2015-7181, CVE-2015-7182, and CVE-2015-7183
2015-12-09 00:00:00
K37540306 : Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978
2016-11-15 00:00:00
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-01-19 00:00:00
cve
cve
CVE-2015-7181
2015-11-05 05:59:00
CVE-2016-1978
2016-03-13 18:59:00
CVE-2015-7182
2015-11-05 05:59:00
ubuntucve
ubuntucve
CVE-2015-7181
2015-11-04 00:00:00
CVE-2015-7182
2015-11-04 00:00:00
CVE-2016-1978
2016-03-13 00:00:00
debiancve
debiancve
CVE-2015-7181
2015-11-05 05:59:00
CVE-2016-1978
2016-03-13 18:59:00
CVE-2015-7182
2015-11-05 05:59:00
prion
prion
Design/Logic Flaw
2015-11-05 05:59:00
Design/Logic Flaw
2016-03-13 18:59:00
Heap overflow
2015-11-05 05:59:00
redhatcve
redhatcve
CVE-2016-2834
2016-06-18 08:48:29
mageia
mageia
Updated nss packages fix CVE-2016-1950
2016-03-16 21:07:23
JSON
Related for DEBIAN_DSA-3688.NASL
debian4openvas42osv4nessus46oraclelinux6ibm25symantec2ubuntu4archlinux1redhat9amazon3centos6freebsd3veracode7slackware1mozilla4f58gentoo1cve6ubuntucve4debiancve6prion5redhatcve1mageia1