Search...

EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1246)

2017-10-19T00:00:00

ID EULEROS_SA-2017-1246.NASL
Type nessus
Reporter This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2017-10-19T00:00:00

Description

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(103937);
  script_version("3.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2017-7805"
  );

  script_name(english:"EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1246)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the nss packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - A use-after-free flaw was found in the TLS 1.2
    implementation in the NSS library when client
    authentication was used. A malicious client could use
    this flaw to cause an application compiled against NSS
    to crash or, potentially, execute arbitrary code with
    the permission of the user running the
    application.(CVE-2017-7805)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1246
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e87b8cd1");
  script_set_attribute(attribute:"solution", value:
"Update the affected nss package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nss-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$" && "aarch64" &gt;!&lt; cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" &gt;!&lt; cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["nss-3.28.4-12",
        "nss-devel-3.28.4-12",
        "nss-sysinit-3.28.4-12",
        "nss-tools-3.28.4-12"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss");
}

JSON Vulners Source

Initial Source

{"id": "EULEROS_SA-2017-1246.NASL", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1246)", "description": "According to the version of the nss packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the\n application.(CVE-2017-7805)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2017-10-19T00:00:00", "modified": "2017-10-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/103937", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?e87b8cd1"], "cvelist": ["CVE-2017-7805"], "type": "nessus", "lastseen": "2021-01-07T08:52:37", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-7805"]}, {"type": "f5", "idList": ["F5:K58192514"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3431-1.NASL", "DEBIAN_DLA-1138.NASL", "REDHAT-RHSA-2017-2832.NASL", "SL_20170929_NSS_ON_SL6_X.NASL", "CENTOS_RHSA-2017-2832.NASL", "ORACLELINUX_ELSA-2017-2832.NASL", "DEBIAN_DSA-3998.NASL", "VIRTUOZZO_VZLSA-2017-2832.NASL", "EULEROS_SA-2017-1247.NASL", "ALA_ALAS-2017-911.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882779", "OPENVAS:1361412562310703998", "OPENVAS:1361412562311220171246", "OPENVAS:1361412562310812008", "OPENVAS:1361412562310843318", "OPENVAS:1361412562310843338", "OPENVAS:1361412562310882776", "OPENVAS:1361412562310891138", "OPENVAS:1361412562311220191397", "OPENVAS:1361412562311220171247"]}, {"type": "centos", "idList": ["CESA-2017:2832"]}, {"type": "freebsd", "idList": ["1098A15B-B0F6-42B7-B5C7-8A8646E8BE07", "E71FD9D3-AF47-11E7-A633-009C02A2AB30"]}, {"type": "ubuntu", "idList": ["USN-3435-2", "USN-3436-1", "USN-3431-1", "USN-3435-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1138-1:010B9", "DEBIAN:DLA-1153-1:BC79D", "DEBIAN:DSA-3987-1:D7A2C", "DEBIAN:DSA-3998-1:53FB5", "DEBIAN:DSA-4014-1:790B0", "DEBIAN:DLA-1118-1:2A1EE"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-2832"]}, {"type": "amazon", "idList": ["ALAS-2017-911"]}, {"type": "redhat", "idList": ["RHSA-2017:2832"]}, {"type": "suse", "idList": ["SUSE-SU-2017:2688-1", "OPENSUSE-SU-2017:2707-1", "OPENSUSE-SU-2017:2710-1", "SUSE-SU-2017:2872-2", "OPENSUSE-SU-2017:2615-1", "SUSE-SU-2017:2872-1"]}, {"type": "archlinux", "idList": ["ASA-201710-19"]}, {"type": "kaspersky", "idList": ["KLA11116", "KLA11109"]}, {"type": "gentoo", "idList": ["GLSA-201802-03", "GLSA-201803-14"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2018-4428296", "ORACLE:CPUOCT2018", "ORACLE:CPUAPR2018-3678067", "ORACLE:CPUAPR2018"]}], "modified": "2021-01-07T08:52:37", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-01-07T08:52:37", "rev": 2}, "vulnersScore": 7.0}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103937);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7805\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : nss (EulerOS-SA-2017-1246)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the nss packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the\n application.(CVE-2017-7805)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1246\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e87b8cd1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"nss-3.28.4-12\",\n \"nss-devel-3.28.4-12\",\n \"nss-sysinit-3.28.4-12\",\n \"nss-tools-3.28.4-12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "103937", "cpe": ["p-cpe:/a:huawei:euleros:nss-sysinit", "p-cpe:/a:huawei:euleros:nss-tools", "p-cpe:/a:huawei:euleros:nss", "p-cpe:/a:huawei:euleros:nss-devel", "cpe:/o:huawei:euleros:2.0"], "scheme": null, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}

{"cve": [{"lastseen": "2021-02-02T06:36:50", "description": "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-11T21:29:00", "title": "CVE-2017-7805", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7805"], "modified": "2018-10-17T01:30:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:mozilla:firefox_esr:52.4.0", "cpe:/a:mozilla:thunderbird:52.4.0", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:mozilla:firefox:56.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2017-7805", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7805", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:firefox_esr:52.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:41", "bulletinFamily": "software", "cvelist": ["CVE-2017-7805"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | CVSSv3 score | Vulnerable component or feature \n---|---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None | None \nBIG-IP GTM | None | 11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 \n11.2.1 | Not vulnerable | None | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.5.1 - 11.6.2 | Not vulnerable | None | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None | None \nF5 WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.2 | Not vulnerable | None | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2018-07-09T19:47:00", "published": "2017-11-03T01:54:00", "id": "F5:K58192514", "href": "https://support.f5.com/csp/article/K58192514", "title": "NSS vulnerability CVE-2017-7805", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-17T12:51:48", "description": "From Red Hat Security Advisory 2017:2832 :\n\nAn update for nss is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Martin Thomson as the original reporter.", "edition": 29, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-29T00:00:00", "title": "Oracle Linux 6 / 7 : nss (ELSA-2017-2832)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2017-09-29T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:nss-pkcs11-devel", "p-cpe:/a:oracle:linux:nss-devel", "p-cpe:/a:oracle:linux:nss", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:nss-tools", "p-cpe:/a:oracle:linux:nss-sysinit"], "id": "ORACLELINUX_ELSA-2017-2832.NASL", "href": "https://www.tenable.com/plugins/nessus/103559", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:2832 and \n# Oracle Linux Security Advisory ELSA-2017-2832 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103559);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7805\");\n script_xref(name:\"RHSA\", value:\"2017:2832\");\n\n script_name(english:\"Oracle Linux 6 / 7 : nss (ELSA-2017-2832)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:2832 :\n\nAn update for nss is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Martin Thomson as the original reporter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-September/007235.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-September/007237.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nss packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"nss-3.28.4-4.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"nss-devel-3.28.4-4.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"nss-pkcs11-devel-3.28.4-4.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"nss-sysinit-3.28.4-4.0.1.el6_9\")) flag++;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"nss-tools-3.28.4-4.0.1.el6_9\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-devel-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-pkcs11-devel-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-tools-3.28.4-12.el7_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:50:52", "description": "Martin Thomson discovered that nss, the Mozilla Network Security\nService library, is prone to a use-after-free vulnerability in the TLS\n1.2 implementation when handshake hashes are generated. A remote\nattacker can take advantage of this flaw to cause an application using\nthe nss library to crash, resulting in a denial of service, or\npotentially to execute arbitrary code.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-12T00:00:00", "title": "Debian DSA-3998-1 : nss - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2017-10-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:nss", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3998.NASL", "href": "https://www.tenable.com/plugins/nessus/103794", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3998. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103794);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7805\");\n script_xref(name:\"DSA\", value:\"3998\");\n\n script_name(english:\"Debian DSA-3998-1 : nss - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Martin Thomson discovered that nss, the Mozilla Network Security\nService library, is prone to a use-after-free vulnerability in the TLS\n1.2 implementation when handshake hashes are generated. A remote\nattacker can take advantage of this flaw to cause an application using\nthe nss library to crash, resulting in a denial of service, or\npotentially to execute arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/nss\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/nss\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3998\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nss packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2:3.26-1+debu8u3.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2:3.26.2-1.1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libnss3\", reference:\"2:3.26-1+debu8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libnss3-1d\", reference:\"2:3.26-1+debu8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libnss3-dbg\", reference:\"2:3.26-1+debu8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libnss3-dev\", reference:\"2:3.26-1+debu8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libnss3-tools\", reference:\"2:3.26-1+debu8u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnss3\", reference:\"2:3.26.2-1.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnss3-dbg\", reference:\"2:3.26.2-1.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnss3-dev\", reference:\"2:3.26.2-1.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libnss3-tools\", reference:\"2:3.26.2-1.1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:52:37", "description": "According to the version of the nss packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the\n application.(CVE-2017-7805)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-19T00:00:00", "title": "EulerOS 2.0 SP2 : nss (EulerOS-SA-2017-1247)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2017-10-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:nss-sysinit", "p-cpe:/a:huawei:euleros:nss-tools", "p-cpe:/a:huawei:euleros:nss", "p-cpe:/a:huawei:euleros:nss-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1247.NASL", "href": "https://www.tenable.com/plugins/nessus/103938", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103938);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7805\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : nss (EulerOS-SA-2017-1247)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the nss packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the\n application.(CVE-2017-7805)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1247\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09966567\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected nss package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"nss-3.28.4-12\",\n \"nss-devel-3.28.4-12\",\n \"nss-sysinit-3.28.4-12\",\n \"nss-tools-3.28.4-12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T09:31:40", "description": "An update for nss is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Martin Thomson as the original reporter.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-02T00:00:00", "title": "CentOS 6 / 7 : nss (CESA-2017:2832)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2017-10-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:nss-devel", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:nss-pkcs11-devel", "p-cpe:/a:centos:centos:nss-tools", "p-cpe:/a:centos:centos:nss", "p-cpe:/a:centos:centos:nss-sysinit"], "id": "CENTOS_RHSA-2017-2832.NASL", "href": "https://www.tenable.com/plugins/nessus/103574", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2832 and \n# CentOS Errata and Security Advisory 2017:2832 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103574);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7805\");\n script_xref(name:\"RHSA\", value:\"2017:2832\");\n\n script_name(english:\"CentOS 6 / 7 : nss (CESA-2017:2832)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for nss is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Martin Thomson as the original reporter.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-September/022550.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1d6e28a\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-September/022552.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8f58668\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nss packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7805\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-devel-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-pkcs11-devel-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-sysinit-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-tools-3.28.4-4.el6_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-devel-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-pkcs11-devel-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-tools-3.28.4-12.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-devel / nss-pkcs11-devel / nss-sysinit / nss-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:38:45", "description": "Martin Thomson discovered that nss, the Mozilla Network Security\nService library, is prone to a use-after-free vulnerability in the TLS\n1.2 implementation when handshake hashes are generated. A remote\nattacker can take advantage of this flaw to cause an application using\nthe nss library to crash, resulting in a denial of service, or\npotentially to execute arbitrary code.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2:3.26-1+debu7u5.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-20T00:00:00", "title": "Debian DLA-1138-1 : nss security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2017-10-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libnss3", "p-cpe:/a:debian:debian_linux:libnss3-dbg", "p-cpe:/a:debian:debian_linux:libnss3-dev", "p-cpe:/a:debian:debian_linux:libnss3-tools", "p-cpe:/a:debian:debian_linux:libnss3-1d", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1138.NASL", "href": "https://www.tenable.com/plugins/nessus/103988", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1138-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103988);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-7805\");\n\n script_name(english:\"Debian DLA-1138-1 : nss security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Martin Thomson discovered that nss, the Mozilla Network Security\nService library, is prone to a use-after-free vulnerability in the TLS\n1.2 implementation when handshake hashes are generated. A remote\nattacker can take advantage of this flaw to cause an application using\nthe nss library to crash, resulting in a denial of service, or\npotentially to execute arbitrary code.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2:3.26-1+debu7u5.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/nss\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libnss3\", reference:\"2:3.26-1+debu7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-1d\", reference:\"2:3.26-1+debu7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-dbg\", reference:\"2:3.26-1+debu7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-dev\", reference:\"2:3.26-1+debu7u5\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libnss3-tools\", reference:\"2:3.26-1+debu7u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-06T10:59:29", "description": "Mozilla reports :\n\nDuring TLS 1.2 exchanges, handshake hashes are generated which point\nto a message buffer. This saved data is used for later messages but in\nsome cases, the handshake transcript can exceed the space available in\nthe current buffer, causing the allocation of a new buffer. This\nleaves a pointer pointing to the old, freed buffer, resulting in a\nuse-after-free when handshake hashes are then calculated afterwards.\nThis can result in a potentially exploitable crash.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-13T00:00:00", "title": "FreeBSD : nss -- Use-after-free in TLS 1.2 generating handshake hashes (e71fd9d3-af47-11e7-a633-009c02a2ab30)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2017-10-13T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:nss", "p-cpe:/a:freebsd:freebsd:linux-c7-nss", "p-cpe:/a:freebsd:freebsd:linux-c6-nss"], "id": "FREEBSD_PKG_E71FD9D3AF4711E7A633009C02A2AB30.NASL", "href": "https://www.tenable.com/plugins/nessus/103828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103828);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-7805\");\n\n script_name(english:\"FreeBSD : nss -- Use-after-free in TLS 1.2 generating handshake hashes (e71fd9d3-af47-11e7-a633-009c02a2ab30)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla reports :\n\nDuring TLS 1.2 exchanges, handshake hashes are generated which point\nto a message buffer. This saved data is used for later messages but in\nsome cases, the handshake transcript can exceed the space available in\nthe current buffer, causing the allocation of a new buffer. This\nleaves a pointer pointing to the old, freed buffer, resulting in a\nuse-after-free when handshake hashes are then calculated afterwards.\nThis can result in a potentially exploitable crash.\"\n );\n # https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f536ef26\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://hg.mozilla.org/projects/nss/rev/2d7b65b72290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://hg.mozilla.org/projects/nss/rev/d3865e2957d0\"\n );\n # https://vuxml.freebsd.org/freebsd/e71fd9d3-af47-11e7-a633-009c02a2ab30.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf10e5bd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c7-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"nss>=3.32<3.32.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nss>=3.28<3.28.6\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-nss>=3.28<3.28.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c7-nss>=3.28<3.28.4_2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T05:35:48", "description": "An update for nss is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Martin Thomson as the original reporter.", "edition": 32, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-29T00:00:00", "title": "RHEL 6 / 7 : nss (RHSA-2017:2832)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:nss-debuginfo", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:nss-devel", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:nss-tools", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:nss", "p-cpe:/a:redhat:enterprise_linux:nss-sysinit"], "id": "REDHAT-RHSA-2017-2832.NASL", "href": "https://www.tenable.com/plugins/nessus/103562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:2832. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103562);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-7805\");\n script_xref(name:\"RHSA\", value:\"2017:2832\");\n\n script_name(english:\"RHEL 6 / 7 : nss (RHSA-2017:2832)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for nss is now available for Red Hat Enterprise Linux 6 and\nRed Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Martin Thomson as the original reporter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:2832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7805\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:2832\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"nss-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-debuginfo-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-devel-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-pkcs11-devel-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nss-sysinit-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nss-sysinit-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nss-sysinit-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"nss-tools-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"nss-tools-3.28.4-4.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"nss-tools-3.28.4-4.el6_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-3.28.4-12.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-debuginfo-3.28.4-12.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-devel-3.28.4-12.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-pkcs11-devel-3.28.4-12.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nss-sysinit-3.28.4-12.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.28.4-12.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"nss-tools-3.28.4-12.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"nss-tools-3.28.4-12.el7_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T13:50:13", "description": "Security Fix(es) :\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the application.\n (CVE-2017-7805)", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-02T00:00:00", "title": "Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (20170929)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2017-10-02T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:nss-devel", "p-cpe:/a:fermilab:scientific_linux:nss-debuginfo", "p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:nss", "p-cpe:/a:fermilab:scientific_linux:nss-tools", "p-cpe:/a:fermilab:scientific_linux:nss-sysinit"], "id": "SL_20170929_NSS_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/103595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103595);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7805\");\n\n script_name(english:\"Scientific Linux Security Update : nss on SL6.x, SL7.x i386/x86_64 (20170929)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the application.\n (CVE-2017-7805)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1709&L=scientific-linux-errata&F=&S=&P=4248\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8821aa3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"nss-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-debuginfo-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-devel-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-pkcs11-devel-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-sysinit-3.28.4-4.el6_9\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-tools-3.28.4-4.el6_9\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-debuginfo-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-devel-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-pkcs11-devel-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-sysinit-3.28.4-12.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-tools-3.28.4-12.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-01T01:21:41", "description": "Potential use-after-free in TLS 1.2 server when verifying client\nauthentication :\n\nA use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-10-13T00:00:00", "title": "Amazon Linux AMI : nss (ALAS-2017-911)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:nss-sysinit", "p-cpe:/a:amazon:linux:nss-devel", "p-cpe:/a:amazon:linux:nss", "p-cpe:/a:amazon:linux:nss-debuginfo", "p-cpe:/a:amazon:linux:nss-pkcs11-devel", "p-cpe:/a:amazon:linux:nss-tools", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-911.NASL", "href": "https://www.tenable.com/plugins/nessus/103824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-911.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103824);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/08/31 12:25:00\");\n\n script_cve_id(\"CVE-2017-7805\");\n script_xref(name:\"ALAS\", value:\"2017-911\");\n\n script_name(english:\"Amazon Linux AMI : nss (ALAS-2017-911)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Potential use-after-free in TLS 1.2 server when verifying client\nauthentication :\n\nA use-after-free flaw was found in the TLS 1.2 implementation in the\nNSS library when client authentication was used. A malicious client\ncould use this flaw to cause an application compiled against NSS to\ncrash or, potentially, execute arbitrary code with the permission of\nthe user running the application. (CVE-2017-7805)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-911.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nss' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-sysinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nss-3.28.4-12.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-debuginfo-3.28.4-12.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-devel-3.28.4-12.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-pkcs11-devel-3.28.4-12.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-sysinit-3.28.4-12.80.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-tools-3.28.4-12.80.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-debuginfo / nss-devel / nss-pkcs11-devel / nss-sysinit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-17T12:03:18", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a\nvulnerability:\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the application.\n (CVE-2017-7805)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0112)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0112_NSS.NASL", "href": "https://www.tenable.com/plugins/nessus/127350", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0112. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127350);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-7805\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0112)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a\nvulnerability:\n\n - A use-after-free flaw was found in the TLS 1.2\n implementation in the NSS library when client\n authentication was used. A malicious client could use\n this flaw to cause an application compiled against NSS\n to crash or, potentially, execute arbitrary code with\n the permission of the user running the application.\n (CVE-2017-7805)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0112\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL nss packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"nss-3.28.4-4.el6_9\",\n \"nss-devel-3.28.4-4.el6_9\",\n \"nss-sysinit-3.28.4-4.el6_9\",\n \"nss-tools-3.28.4-4.el6_9\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-01-27T18:37:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171246", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171246", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1246)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1246\");\n script_version(\"2020-01-23T11:01:11+0000\");\n script_cve_id(\"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1246)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1246\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1246\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'nss' package(s) announced via the EulerOS-SA-2017-1246 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805)\");\n\n script_tag(name:\"affected\", value:\"'nss' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.28.4~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.28.4~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.28.4~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.28.4~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-10-05T00:00:00", "id": "OPENVAS:1361412562310843318", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843318", "type": "openvas", "title": "Ubuntu Update for nss USN-3431-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3431_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for nss USN-3431-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843318\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 11:55:02 +0530 (Thu, 05 Oct 2017)\");\n script_cve_id(\"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nss USN-3431-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Martin Thomson discovered that NSS\n incorrectly generated handshake hashes. A remote attacker could use this issue\n to cause NSS to crash, resulting in a denial of service, or possibly execute\n arbitrary code.\");\n script_tag(name:\"affected\", value:\"nss on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3431-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3431-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.28.4-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.28.4-0ubuntu0.14.04.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.28.4-0ubuntu0.17.04.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.28.4-0ubuntu0.17.04.3\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.28.4-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.28.4-0ubuntu0.16.04.3\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "Martin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.", "modified": "2019-03-18T00:00:00", "published": "2017-10-11T00:00:00", "id": "OPENVAS:1361412562310703998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703998", "type": "openvas", "title": "Debian Security Advisory DSA 3998-1 (nss - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3998.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3998-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703998\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-7805\");\n script_name(\"Debian Security Advisory DSA 3998-1 (nss - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-11 00:00:00 +0200 (Wed, 11 Oct 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3998.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9|8)\");\n script_tag(name:\"affected\", value:\"nss on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 2:3.26-1+debu8u3.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2:3.26.2-1.1+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 2:3.33-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.33-1.\n\nWe recommend that you upgrade your nss packages.\");\n script_tag(name:\"summary\", value:\"Martin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libnss3\", ver:\"2:3.33-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dbg\", ver:\"2:3.33-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"2:3.33-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"2:3.33-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3\", ver:\"2:3.26.2-1.1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dbg\", ver:\"2:3.26.2-1.1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"2:3.26.2-1.1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"2:3.26.2-1.1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3\", ver:\"2:3.26-1+debu8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"2:3.26-1+debu8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dbg\", ver:\"2:3.26-1+debu8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"2:3.26-1+debu8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"2:3.26-1+debu8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-10-05T00:00:00", "id": "OPENVAS:1361412562310812008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812008", "type": "openvas", "title": "RedHat Update for nss RHSA-2017:2832-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2832-01_nss.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# RedHat Update for nss RHSA-2017:2832-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812008\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 11:55:22 +0530 (Thu, 05 Oct 2017)\");\n script_cve_id(\"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for nss RHSA-2017:2832-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set\nof libraries designed to support the cross-platform development of security-enabled\nclient and server applications.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS\nlibrary when client authentication was used. A malicious client could use\nthis flaw to cause an application compiled against NSS to crash or,\npotentially, execute arbitrary code with the permission of the user running\nthe application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Martin Thomson as the original reporter.\");\n script_tag(name:\"affected\", value:\"nss on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2832-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-September/msg00070.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.28.4~12.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.28.4~12.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.28.4~12.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.28.4~12.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.28.4~12.el7_4\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.28.4~4.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.28.4~4.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.28.4~4.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.28.4~4.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.28.4~4.el6_9\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "Check the version of nss", "modified": "2019-03-08T00:00:00", "published": "2017-10-05T00:00:00", "id": "OPENVAS:1361412562310882776", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882776", "type": "openvas", "title": "CentOS Update for nss CESA-2017:2832 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2832_nss_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for nss CESA-2017:2832 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882776\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 11:55:01 +0530 (Thu, 05 Oct 2017)\");\n script_cve_id(\"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss CESA-2017:2832 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of nss\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set\nof libraries designed to support the cross-platform development of security-enabled\nclient and server applications.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS\nlibrary when client authentication was used. A malicious client could use\nthis flaw to cause an application compiled against NSS to crash or,\npotentially, execute arbitrary code with the permission of the user running\nthe application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Martin Thomson as the original reporter.\");\n script_tag(name:\"affected\", value:\"nss on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2832\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-September/022552.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.28.4~4.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.28.4~4.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.28.4~4.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.28.4~4.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.28.4~4.el6_9\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "Check the version of nss", "modified": "2019-03-08T00:00:00", "published": "2017-10-05T00:00:00", "id": "OPENVAS:1361412562310882779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882779", "type": "openvas", "title": "CentOS Update for nss CESA-2017:2832 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2832_nss_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for nss CESA-2017:2832 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882779\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-05 11:54:53 +0530 (Thu, 05 Oct 2017)\");\n script_cve_id(\"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss CESA-2017:2832 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of nss\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set\nof libraries designed to support the cross-platform development of security-enabled\nclient and server applications.\n\nSecurity Fix(es):\n\n * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS\nlibrary when client authentication was used. A malicious client could use\nthis flaw to cause an application compiled against NSS to crash or,\npotentially, execute arbitrary code with the permission of the user running\nthe application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Martin Thomson as the original reporter.\");\n script_tag(name:\"affected\", value:\"nss on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2832\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-September/022550.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.28.4~12.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.28.4~12.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.28.4~12.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.28.4~12.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.28.4~12.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:11:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "Martin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.", "modified": "2020-01-29T00:00:00", "published": "2018-02-08T00:00:00", "id": "OPENVAS:1361412562310891138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891138", "type": "openvas", "title": "Debian LTS: Security Advisory for nss (DLA-1138-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891138\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7805\");\n script_name(\"Debian LTS: Security Advisory for nss (DLA-1138-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-08 00:00:00 +0100 (Thu, 08 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00017.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"nss on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n2:3.26-1+debu7u5.\n\nWe recommend that you upgrade your nss packages.\");\n\n script_tag(name:\"summary\", value:\"Martin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libnss3\", ver:\"2:3.26-1+debu7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"2:3.26-1+debu7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnss3-dbg\", ver:\"2:3.26-1+debu7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"2:3.26-1+debu7u5\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"2:3.26-1+debu7u5\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7805"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171247", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1247)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1247\");\n script_version(\"2020-01-23T11:01:12+0000\");\n script_cve_id(\"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:01:12 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:01:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1247)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1247\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1247\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'nss' package(s) announced via the EulerOS-SA-2017-1247 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805)\");\n\n script_tag(name:\"affected\", value:\"'nss' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.28.4~12\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.28.4~12\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.28.4~12\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.28.4~12\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12384", "CVE-2017-7805"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191397", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2019-1397)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1397\");\n script_version(\"2020-01-23T11:41:53+0000\");\n script_cve_id(\"CVE-2017-7805\", \"CVE-2018-12384\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:41:53 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:41:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2019-1397)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1397\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1397\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'nss' package(s) announced via the EulerOS-SA-2019-1397 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. (CVE-2018-12384)\n\nA use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application.(CVE-2017-7805)\");\n\n script_tag(name:\"affected\", value:\"'nss' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.36.0~8.h2\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-sysinit\", rpm:\"nss-sysinit~3.36.0~8.h2\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.36.0~8.h2\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-10-12T00:00:00", "id": "OPENVAS:1361412562310843338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843338", "type": "openvas", "title": "Ubuntu Update for thunderbird USN-3436-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3436_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for thunderbird USN-3436-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843338\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-12 10:27:47 +0200 (Thu, 12 Oct 2017)\");\n script_cve_id(\"CVE-2017-7793\", \"CVE-2017-7810\", \"CVE-2017-7814\", \"CVE-2017-7818\",\n \"CVE-2017-7819\", \"CVE-2017-7823\", \"CVE-2017-7824\", \"CVE-2017-7805\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for thunderbird USN-3436-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'thunderbird'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple security issues were discovered in\n Thunderbird. If a user were tricked in to opening a specially crafted website in\n a browsing-like context, an attacker could potentially exploit these to read\n uninitialized memory, bypass phishing and malware protection, conduct cross-site\n scripting (XSS) attacks, cause a denial of service via application crash, or\n execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814,\n CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824) Martin Thomson\n discovered that NSS incorrectly generated handshake hashes. A remote attacker\n could potentially exploit this to cause a denial of service via application\n crash, or execute arbitrary code. (CVE-2017-7805)\");\n script_tag(name:\"affected\", value:\"thunderbird on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3436-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3436-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0+build1-0ubuntu0.14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0+build1-0ubuntu0.17.04.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"thunderbird\", ver:\"1:52.4.0+build1-0ubuntu0.16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:43:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "Martin Thomson discovered that NSS incorrectly generated handshake hashes. \nA remote attacker could use this issue to cause NSS to crash, resulting in \na denial of service, or possibly execute arbitrary code.", "edition": 6, "modified": "2017-10-02T00:00:00", "published": "2017-10-02T00:00:00", "id": "USN-3431-1", "href": "https://ubuntu.com/security/notices/USN-3431-1", "title": "NSS vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-02T11:44:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Multiple security issues were discovered in Thunderbird. If a user were \ntricked in to opening a specially crafted website in a browsing-like \ncontext, an attacker could potentially exploit these to read uninitialized \nmemory, bypass phishing and malware protection, conduct cross-site \nscripting (XSS) attacks, cause a denial of service via application crash, \nor execute arbitrary code. (CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, \nCVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824)\n\nMartin Thomson discovered that NSS incorrectly generated handshake hashes. \nA remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-7805)", "edition": 6, "modified": "2017-10-11T00:00:00", "published": "2017-10-11T00:00:00", "id": "USN-3436-1", "href": "https://ubuntu.com/security/notices/USN-3436-1", "title": "Thunderbird vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7821", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "USN-3435-1 fixed vulnerabilities in Firefox. The update caused the Flash \nplugin to crash in some circumstances. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, obtain sensitive \ninformation, bypass phishing and malware protection, spoof the origin in \nmodal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial \nof service via application crash, or execute arbitrary code. \n(CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, \nCVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, \nCVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824)\n\nMartin Thomson discovered that NSS incorrectly generated handshake hashes. \nA remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-7805)\n\nMultiple security issues were discovered in WebExtensions. If a user were \ntricked in to installing a specially crafted extension, an attacker could \npotentially exploit these to download and open non-executable files \nwithout interaction, or obtain elevated privileges. (CVE-2017-7816, \nCVE-2017-7821)", "edition": 7, "modified": "2017-10-04T00:00:00", "published": "2017-10-04T00:00:00", "id": "USN-3435-2", "href": "https://ubuntu.com/security/notices/USN-3435-2", "title": "Firefox regression", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:40", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7821", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Multiple security issues were discovered in Firefox. If a user were \ntricked in to opening a specially crafted website, an attacker could \npotentially exploit these to read uninitialized memory, obtain sensitive \ninformation, bypass phishing and malware protection, spoof the origin in \nmodal dialogs, conduct cross-site scripting (XSS) attacks, cause a denial \nof service via application crash, or execute arbitrary code. \n(CVE-2017-7793, CVE-2017-7810, CVE-2017-7811, CVE-2017-7812, \nCVE-2017-7813, CVE-2017-7814, CVE-2017-7815, CVE-2017-7818, CVE-2017-7819, \nCVE-2017-7820, CVE-2017-7822, CVE-2017-7823, CVE-2017-7824)\n\nMartin Thomson discovered that NSS incorrectly generated handshake hashes. \nA remote attacker could potentially exploit this to cause a denial of \nservice via application crash, or execute arbitrary code. (CVE-2017-7805)\n\nMultiple security issues were discovered in WebExtensions. If a user were \ntricked in to installing a specially crafted extension, an attacker could \npotentially exploit these to download and open non-executable files \nwithout interaction, or obtain elevated privileges. (CVE-2017-7816, \nCVE-2017-7821)", "edition": 7, "modified": "2017-10-02T00:00:00", "published": "2017-10-02T00:00:00", "id": "USN-3435-1", "href": "https://ubuntu.com/security/notices/USN-3435-1", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-12-17T01:24:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3998-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 11, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nss\nCVE ID : CVE-2017-7805\n\nMartin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2:3.26-1+debu8u3.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2:3.26.2-1.1+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 2:3.33-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2:3.33-1.\n\nWe recommend that you upgrade your nss packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2017-10-11T20:14:23", "published": "2017-10-11T20:14:23", "id": "DEBIAN:DSA-3998-1:53FB5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00260.html", "title": "[SECURITY] [DSA 3998-1] nss security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-30T02:22:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "Package : nss\nVersion : 2:3.26-1+debu7u5\nCVE ID : CVE-2017-7805\n\nMartin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2:3.26-1+debu7u5.\n\nWe recommend that you upgrade your nss packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-10-19T10:38:54", "published": "2017-10-19T10:38:54", "id": "DEBIAN:DLA-1138-1:010B9", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201710/msg00017.html", "title": "[SECURITY] [DLA 1138-1] nss security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-10-17T13:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4014-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nNovember 01, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 \n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.4.0-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.4.0-1~deb9u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 17, "modified": "2017-11-01T22:20:09", "published": "2017-11-01T22:20:09", "id": "DEBIAN:DSA-4014-1:790B0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00276.html", "title": "[SECURITY] [DSA 4014-1] thunderbird security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:20", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Package : firefox-esr\nVersion : 52.4.0esr-2~deb7u1\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814\n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service, cross-site scripting or bypass of\nthe phishing and malware protection feature.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n52.4.0esr-2~deb7u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-09-30T16:57:30", "published": "2017-09-30T16:57:30", "id": "DEBIAN:DLA-1118-1:2A1EE", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00035.html", "title": "[SECURITY] [DLA 1118-1] firefox-esr security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-11T01:29:47", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3987-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 29, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : firefox-esr\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 \n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\n\nSeveral security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service, cross-site scripting or bypass of\nthe phishing and malware protection feature.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 52.4.0esr-1~deb8u1.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 52.4.0esr-1~deb9u1.\n\nWe recommend that you upgrade your firefox-esr packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 23, "modified": "2017-09-29T21:52:28", "published": "2017-09-29T21:52:28", "id": "DEBIAN:DSA-3987-1:D7A2C", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00249.html", "title": "[SECURITY] [DSA 3987-1] firefox-esr security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:21:30", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Package : thunderbird\nVersion : 1:52.4.0-1~deb7u1\nCVE ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814 \n CVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824 \n CVE-2017-7825\n\nMultiple security issues have been found in the Mozilla Thunderbird mail\nclient: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to crashes or the execution of arbitrary\ncode.\n\nWith this update the source package name changes from icedove to\nthunderbird so icedove will not be mentioned anymore in future\nadvisories.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:52.4.0-1~deb7u1.\n\nWe recommend that you upgrade your thunderbird packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-11-01T12:58:00", "published": "2017-11-01T12:58:00", "id": "DEBIAN:DLA-1153-1:BC79D", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201711/msg00000.html", "title": "[SECURITY] [DLA 1153-1] icedove/thunderbird security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "\nMozilla reports:\n\nDuring TLS 1.2 exchanges, handshake hashes are generated which\n\t point to a message buffer. This saved data is used for later\n\t messages but in some cases, the handshake transcript can\n\t exceed the space available in the current buffer, causing the\n\t allocation of a new buffer. This leaves a pointer pointing to\n\t the old, freed buffer, resulting in a use-after-free when\n\t handshake hashes are then calculated afterwards. This can\n\t result in a potentially exploitable crash.\n\n", "edition": 6, "modified": "2018-01-29T00:00:00", "published": "2017-08-04T00:00:00", "id": "E71FD9D3-AF47-11E7-A633-009C02A2AB30", "href": "https://vuxml.freebsd.org/freebsd/e71fd9d3-af47-11e7-a633-009c02a2ab30.html", "title": "nss -- Use-after-free in TLS 1.2 generating handshake hashes", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7825", "CVE-2017-7821", "CVE-2017-7817", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "\nMozilla Foundation reports:\n\nCVE-2017-7793: Use-after-free with Fetch API\nCVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode\nCVE-2017-7818: Use-after-free during ARIA array manipulation\nCVE-2017-7819: Use-after-free while resizing images in design mode\nCVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE\nCVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes\nCVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files\nCVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings\nCVE-2017-7813: Integer truncation in the JavaScript parser\nCVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces\nCVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations\nCVE-2017-7816: WebExtensions can load about: URLs in extension UI\nCVE-2017-7821: WebExtensions can download and open non-executable files without user interaction\nCVE-2017-7823: CSP sandbox directive did not create a unique origin\nCVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV\nCVE-2017-7820: Xray wrapper bypass with new tab and web console\nCVE-2017-7811: Memory safety bugs fixed in Firefox 56\nCVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4\n\n", "edition": 7, "modified": "2017-10-03T00:00:00", "published": "2017-09-28T00:00:00", "id": "1098A15B-B0F6-42B7-B5C7-8A8646E8BE07", "href": "https://vuxml.freebsd.org/freebsd/1098a15b-b0f6-42b7-b5c7-8a8646e8be07.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:12", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "[3.28.4-12]\n- Backport patch to simplify transcript calculation for CertificateVerify", "edition": 6, "modified": "2017-09-28T00:00:00", "published": "2017-09-28T00:00:00", "id": "ELSA-2017-2832", "href": "http://linux.oracle.com/errata/ELSA-2017-2832.html", "title": "nss security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2020-12-08T03:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2832\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-September/034588.html\nhttp://lists.centos.org/pipermail/centos-announce/2017-September/034590.html\n\n**Affected packages:**\nnss\nnss-devel\nnss-pkcs11-devel\nnss-sysinit\nnss-tools\n\n**Upstream details at:**\n", "edition": 5, "modified": "2017-09-29T19:46:18", "published": "2017-09-29T19:42:08", "id": "CESA-2017:2832", "href": "http://lists.centos.org/pipermail/centos-announce/2017-September/034590.html", "title": "nss security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:52", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.\n\nSecurity Fix(es):\n\n* A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.", "modified": "2018-06-07T18:21:56", "published": "2017-09-28T23:01:49", "id": "RHSA-2017:2832", "href": "https://access.redhat.com/errata/RHSA-2017:2832", "type": "redhat", "title": "(RHSA-2017:2832) Important: nss security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:23", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7805"], "description": "**Issue Overview:**\n\nPotential use-after-free in TLS 1.2 server when verifying client authentication: \nA use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. ([CVE-2017-7805 __](<https://access.redhat.com/security/cve/CVE-2017-7805>))\n\n \n**Affected Packages:** \n\n\nnss\n\n \n**Issue Correction:** \nRun _yum update nss_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n nss-tools-3.28.4-12.80.amzn1.i686 \n nss-debuginfo-3.28.4-12.80.amzn1.i686 \n nss-3.28.4-12.80.amzn1.i686 \n nss-sysinit-3.28.4-12.80.amzn1.i686 \n nss-pkcs11-devel-3.28.4-12.80.amzn1.i686 \n nss-devel-3.28.4-12.80.amzn1.i686 \n \n src: \n nss-3.28.4-12.80.amzn1.src \n \n x86_64: \n nss-pkcs11-devel-3.28.4-12.80.amzn1.x86_64 \n nss-devel-3.28.4-12.80.amzn1.x86_64 \n nss-3.28.4-12.80.amzn1.x86_64 \n nss-debuginfo-3.28.4-12.80.amzn1.x86_64 \n nss-sysinit-3.28.4-12.80.amzn1.x86_64 \n nss-tools-3.28.4-12.80.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-10-12T19:41:00", "published": "2017-10-12T19:41:00", "id": "ALAS-2017-911", "href": "https://alas.aws.amazon.com/ALAS-2017-911.html", "title": "Important: nss", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2017-10-02T19:53:49", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6,\n fixes security issues and bugs.\n\n The following vulnerabilities advised upstream under MFSA 2017-22\n (boo#1060445) were fixed:\n\n - CVE-2017-7793: Use-after-free with Fetch API\n - CVE-2017-7818: Use-after-free during ARIA array manipulation\n - CVE-2017-7819: Use-after-free while resizing images in design mode\n - CVE-2017-7824: Buffer overflow when drawing and validating elements with\n ANGLE\n - CVE-2017-7814: Blob and data URLs bypass phishing and malware protection\n warnings\n - CVE-2017-7823: CSP sandbox directive did not create a unique origin\n - CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR\n 52.4\n\n The following security issue was fixed in Mozilla NSS 3.28.6:\n\n - CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes\n (bsc#1061005)\n\n The following bug was fixed:\n\n - boo#1029917: language accept header use incorrect locale\n\n For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated\n version of NSS.\n\n", "edition": 1, "modified": "2017-10-02T18:09:14", "published": "2017-10-02T18:09:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00002.html", "id": "OPENSUSE-SU-2017:2615-1", "title": "Security update for Mozilla Firefox and NSS (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-27T20:32:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n Mozilla Firefox was updated to ESR 52.4 (bsc#1060445)\n\n * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic\n unicode characters as spaces\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes\n * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in\n design mode\n * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation\n * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API\n * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating\n elements with ANGLE\n * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and\n Firefox ESR 52.4\n * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a\n unique origin\n * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and\n malware protection warnings\n\n Mozilla Network Security Services (Mozilla NSS) received a security fix:\n\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes (bsc#1061005, bsc#1060445)\n\n", "edition": 1, "modified": "2017-10-27T18:54:21", "published": "2017-10-27T18:54:21", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00079.html", "id": "SUSE-SU-2017:2872-1", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-11-14T00:33:44", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update for MozillaFirefox and mozilla-nss fixes the following issues:\n\n Mozilla Firefox was updated to ESR 52.4 (bsc#1060445)\n\n * MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic\n unicode characters as spaces\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes\n * MFSA 2017-22/CVE-2017-7819: Use-after-free while resizing images in\n design mode\n * MFSA 2017-22/CVE-2017-7818: Use-after-free during ARIA array manipulation\n * MFSA 2017-22/CVE-2017-7793: Use-after-free with Fetch API\n * MFSA 2017-22/CVE-2017-7824: Buffer overflow when drawing and validating\n elements with ANGLE\n * MFSA 2017-22/CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and\n Firefox ESR 52.4\n * MFSA 2017-22/CVE-2017-7823: CSP sandbox directive did not create a\n unique origin\n * MFSA 2017-22/CVE-2017-7814: Blob and data URLs bypass phishing and\n malware protection warnings\n\n Mozilla Network Security Services (Mozilla NSS) received a security fix:\n\n * MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating\n handshake hashes (bsc#1061005, bsc#1060445)\n\n", "edition": 1, "modified": "2017-11-13T21:08:19", "published": "2017-11-13T21:08:19", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00024.html", "id": "SUSE-SU-2017:2872-2", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-10T17:54:31", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the\n following issues:\n\n This security issue was fixed for mozilla-nss:\n\n - CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating\n handshake hashes (bsc#1061005)\n\n These security issues were fixed for Firefox\n\n - CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters\n rendering (bsc#1060445).\n - CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake\n hashes (bsc#1060445).\n - CVE-2017-7819: Prevent Use-after-free while resizing images in design\n mode (bsc#1060445).\n - CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation\n (bsc#1060445).\n - CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445).\n - CVE-2017-7824: Prevent Buffer overflow when drawing and validating\n elements with ANGLE (bsc#1060445).\n - CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445).\n - CVE-2017-7823: CSP sandbox directive did not create a unique origin\n (bsc#1060445).\n - CVE-2017-7814: Blob and data URLs bypassed phishing and malware\n protection warnings (bsc#1060445).\n\n", "edition": 1, "modified": "2017-10-10T15:09:53", "published": "2017-10-10T15:09:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00008.html", "id": "SUSE-SU-2017:2688-1", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-12T01:54:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)\n * new behavior was introduced for replies to mailing list posts: "When\n replying to a mailing list, reply will be sent to address in From\n header ignoring Reply-to header". A new preference\n mail.override_list_reply_to allows to restore the previous behavior.\n * Under certain circumstances (image attachment and non-image\n attachment), attached images were shown truncated in messages stored\n in IMAP folders not synchronised for offline use.\n * IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko\n 52.4esr\n * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API\n * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array\n manipulation\n * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in\n design mode\n * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and\n validating elements with ANGLE\n * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free\n in TLS 1.2 generating handshake hashes\n * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and\n malware protection warnings\n * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render\n some Tibetan and Arabic unicode characters as spaces\n * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a\n unique origin\n * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR\n 52.4\n\n - Add alsa-devel BuildRequires: we care for ALSA support to be built and\n thus need to ensure we get the dependencies in place. In the past,\n alsa-devel was pulled in by accident: we buildrequire libgnome-devel.\n This required esound-devel and that in turn pulled in alsa-devel for us.\n libgnome is being fixed to no longer require esound-devel.\n\n", "edition": 1, "modified": "2017-10-12T00:13:55", "published": "2017-10-12T00:13:55", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00014.html", "id": "OPENSUSE-SU-2017:2710-1", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-10-12T01:54:37", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "Mozilla Thunderbird was updated to 52.4.0 (boo#1060445)\n * new behavior was introduced for replies to mailing list posts: "When\n replying to a mailing list, reply will be sent to address in From\n header ignoring Reply-to header". A new preference\n mail.override_list_reply_to allows to restore the previous behavior.\n * Under certain circumstances (image attachment and non-image\n attachment), attached images were shown truncated in messages stored\n in IMAP folders not synchronised for offline use.\n * IMAP UIDs > 0x7FFFFFFF now handled properly Security fixes from Gecko\n 52.4esr\n * CVE-2017-7793 (bmo#1371889) Use-after-free with Fetch API\n * CVE-2017-7818 (bmo#1363723) Use-after-free during ARIA array\n manipulation\n * CVE-2017-7819 (bmo#1380292) Use-after-free while resizing images in\n design mode\n * CVE-2017-7824 (bmo#1398381) Buffer overflow when drawing and\n validating elements with ANGLE\n * CVE-2017-7805 (bmo#1377618) (fixed via NSS requirement) Use-after-free\n in TLS 1.2 generating handshake hashes\n * CVE-2017-7814 (bmo#1376036) Blob and data URLs bypass phishing and\n malware protection warnings\n * CVE-2017-7825 (bmo#1393624, bmo#1390980) (OSX-only) OS X fonts render\n some Tibetan and Arabic unicode characters as spaces\n * CVE-2017-7823 (bmo#1396320) CSP sandbox directive did not create a\n unique origin\n * CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR\n 52.4\n\n - Add alsa-devel BuildRequires: we care for ALSA support to be built and\n thus need to ensure we get the dependencies in place. In the past,\n alsa-devel was pulled in by accident: we buildrequire libgnome-devel.\n This required esound-devel and that in turn pulled in alsa-devel for us.\n libgnome is being fixed to no longer require esound-devel.\n\n", "edition": 1, "modified": "2017-10-12T00:11:14", "published": "2017-10-12T00:11:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00013.html", "id": "OPENSUSE-SU-2017:2707-1", "title": "Security update for MozillaThunderbird (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7793", "CVE-2017-7805", "CVE-2017-7810", "CVE-2017-7814", "CVE-2017-7818", "CVE-2017-7819", "CVE-2017-7823", "CVE-2017-7824"], "description": "Arch Linux Security Advisory ASA-201710-19\n==========================================\n\nSeverity: Critical\nDate : 2017-10-12\nCVE-ID : CVE-2017-7793 CVE-2017-7805 CVE-2017-7810 CVE-2017-7814\nCVE-2017-7818 CVE-2017-7819 CVE-2017-7823 CVE-2017-7824\nPackage : thunderbird\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-441\n\nSummary\n=======\n\nThe package thunderbird before version 52.4.0-1 is vulnerable to\nmultiple issues including arbitrary code execution, access restriction\nbypass and cross-site scripting.\n\nResolution\n==========\n\nUpgrade to 52.4.0-1.\n\n# pacman -Syu \"thunderbird>=52.4.0-1\"\n\nThe problems have been fixed upstream in version 52.4.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2017-7793 (arbitrary code execution)\n\nA use-after-free vulnerability can occur in the Fetch API of\nThunderbird < 52.4, when the worker or the associated window are freed\nwhen still in use, resulting in a potentially exploitable crash.\n\n- CVE-2017-7805 (arbitrary code execution)\n\nA security issue has been found in Thunderbird < 52.4. During TLS 1.2\nexchanges, handshake hashes are generated which point to a message\nbuffer. This saved data is used for later messages but in some cases,\nthe handshake transcript can exceed the space available in the current\nbuffer, causing the allocation of a new buffer. This leaves a pointer\npointing to the old, freed buffer, resulting in a use-after-free when\nhandshake hashes are then calculated afterwards. This can result in a\npotentially exploitable crash.\n\n- CVE-2017-7810 (arbitrary code execution)\n\nMozilla developers and community members Christoph Diehl, Jan de Mooij,\nJason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian\nHengst reported memory safety bugs present in Firefox <= 55, Firefox\nESR <= 52.3, and Thunderbird <= 52.3. Some of these bugs showed\nevidence of memory corruption and we presume that with enough effort\nthat some of these could be exploited to run arbitrary code.\n\n- CVE-2017-7814 (access restriction bypass)\n\nA security issue has been found in Thunderbird < 52.4. File downloads\nencoded with blob: and data: URL elements bypassed normal file download\nchecks though the Phishing and Malware Protection feature and its block\nlists of suspicious sites and files. This would allow malicious sites\nto lure users into downloading executables that would otherwise be\ndetected as suspicious.\n\n- CVE-2017-7818 (arbitrary code execution)\n\nA use-after-free vulnerability can occur when manipulating arrays of\nAccessible Rich Internet Applications (ARIA) elements within containers\nthrough the DOM, in Thunderbird < 52.4. This results in a potentially\nexploitable crash.\n\n- CVE-2017-7819 (arbitrary code execution)\n\nA use-after-free vulnerability can occur in design mode when image\nobjects are resized if objects referenced during the resizing have been\nfreed from memory, in Thunderbird < 52.4. This results in a potentially\nexploitable crash.\n\n- CVE-2017-7823 (cross-site scripting)\n\nThe content security policy (CSP) sandbox directive in Thunderbird <\n52.4 did not create a unique origin for the document, causing it to\nbehave as if the allow-same-origin keyword were always specified. This\ncould allow a Cross-Site Scripting (XSS) attack to be launched from\nunsafe content.\n\n- CVE-2017-7824 (arbitrary code execution)\n\nA buffer overflow occurs when drawing and validating elements with the\nANGLE graphics library, used for WebGL content in Thunderbird < 52.4.\nThis is due to an incorrect value being passed within the library\nduring checks and results in a potentially exploitable crash.\n\nImpact\n======\n\nA remote attacker can bypass security measures like the phishing and\nmalware protection or a content security policy, and execute arbitrary\ncode on the affected host.\n\nReferences\n==========\n\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1371889\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1377618\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810\nhttps://bugzilla.mozilla.org/buglist.cgi?bug_id=1386787%2C1389974%2C1371657%2C1360334%2C1390550%2C1380824%2C1387918%2C1395598\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1376036\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1363723\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1380292\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1396320\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1398381\nhttps://security.archlinux.org/CVE-2017-7793\nhttps://security.archlinux.org/CVE-2017-7805\nhttps://security.archlinux.org/CVE-2017-7810\nhttps://security.archlinux.org/CVE-2017-7814\nhttps://security.archlinux.org/CVE-2017-7818\nhttps://security.archlinux.org/CVE-2017-7819\nhttps://security.archlinux.org/CVE-2017-7823\nhttps://security.archlinux.org/CVE-2017-7824", "modified": "2017-10-12T00:00:00", "published": "2017-10-12T00:00:00", "id": "ASA-201710-19", "href": "https://security.archlinux.org/ASA-201710-19", "type": "archlinux", "title": "[ASA-201710-19] thunderbird: multiple issues", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2020-09-02T11:46:58", "bulletinFamily": "info", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7825", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7819", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "### *Detect date*:\n10/09/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code.\n\n### *Affected products*:\nMozilla Thunderbird versions earlier than 52.4\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>)\n\n### *Original advisories*:\n[Mozilla Foundation Security Advisory 2017-23](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Thunderbird](<https://threats.kaspersky.com/en/product/Mozilla-Thunderbird/>)\n\n### *CVE-IDS*:\n[CVE-2017-7793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793>)9.8Critical \n[CVE-2017-7818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818>)9.8Critical \n[CVE-2017-7819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819>)9.8Critical \n[CVE-2017-7824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824>)9.8Critical \n[CVE-2017-7805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805>)7.5Critical \n[CVE-2017-7814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814>)7.8Critical \n[CVE-2017-7825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7825>)5.3High \n[CVE-2017-7823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823>)5.4High \n[CVE-2017-7810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810>)9.8Critical", "edition": 45, "modified": "2020-05-22T00:00:00", "published": "2017-10-09T00:00:00", "id": "KLA11116", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11116", "title": "\r KLA11116Multiple vulnerabilities in Mozilla Thunderbird ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-02T11:45:38", "bulletinFamily": "info", "cvelist": ["CVE-2017-7824", "CVE-2017-7810", "CVE-2017-7822", "CVE-2017-7815", "CVE-2017-7825", "CVE-2017-7821", "CVE-2017-7817", "CVE-2017-7805", "CVE-2017-7823", "CVE-2017-7820", "CVE-2017-7813", "CVE-2017-7811", "CVE-2017-7812", "CVE-2017-7819", "CVE-2017-7816", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7814"], "description": "### *Detect date*:\n09/28/2017\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information and perform cross-site scripting.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 56 \nMozilla Firefox ESR versions earlier than 52.4\n\n### *Solution*:\nUpdate to the latest version \n[Download Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/all/>) \n[Download Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[MSFA 2017-22](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/>) \n[MSFA 2017-21](<https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2017-7793](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793>)9.8Critical \n[CVE-2017-7818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818>)9.8Critical \n[CVE-2017-7819](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819>)9.8Critical \n[CVE-2017-7824](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824>)9.8Critical \n[CVE-2017-7805](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805>)7.5Critical \n[CVE-2017-7814](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814>)7.8Critical \n[CVE-2017-7825](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7825>)5.3High \n[CVE-2017-7823](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823>)5.4High \n[CVE-2017-7810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810>)9.8Critical \n[CVE-2017-7817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7817>)5.0Critical \n[CVE-2017-7812](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7812>)5.0Critical \n[CVE-2017-7813](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7813>)6.4High \n[CVE-2017-7815](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7815>)5.0Critical \n[CVE-2017-7816](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7816>)5.0Critical \n[CVE-2017-7821](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7821>)7.5Critical \n[CVE-2017-7822](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7822>)5.0Critical \n[CVE-2017-7820](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7820>)5.0Critical \n[CVE-2017-7811](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7811>)9.8Critical", "edition": 46, "modified": "2020-05-22T00:00:00", "published": "2017-09-28T00:00:00", "id": "KLA11109", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11109", "title": "\r KLA11109Multiple vulnerabilities in Mozilla Firefox and Firefox ESR ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2018-04-04T07:02:03", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7847", "CVE-2017-7791", "CVE-2017-7784", "CVE-2017-7824", "CVE-2017-7800", "CVE-2017-7753", "CVE-2017-7801", "CVE-2017-7810", "CVE-2018-5097", "CVE-2018-5089", "CVE-2018-5096", "CVE-2018-5095", "CVE-2018-5098", "CVE-2017-7825", "CVE-2018-5102", "CVE-2017-7828", "CVE-2017-7848", "CVE-2017-7802", "CVE-2017-7787", "CVE-2017-7805", "CVE-2017-7829", "CVE-2017-7779", "CVE-2017-7785", "CVE-2017-7823", "CVE-2018-5117", "CVE-2017-7807", "CVE-2018-5104", "CVE-2017-7809", "CVE-2018-5103", "CVE-2017-7786", "CVE-2017-7846", "CVE-2017-7819", "CVE-2017-7803", "CVE-2017-7792", "CVE-2018-5099", "CVE-2017-7830", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-7826", "CVE-2017-7814"], "description": "### Background\n\nMozilla Thunderbird is a popular open-source email client from the Mozilla project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, conduct URL hijacking, or conduct cross-site scripting (XSS). \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-52.6.0\"\n \n\nAll Thunderbird binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-52.6.0\"", "edition": 1, "modified": "2018-03-28T00:00:00", "published": "2018-03-28T00:00:00", "href": "https://security.gentoo.org/glsa/201803-14", "id": "GLSA-201803-14", "title": "Mozilla Thunderbird: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-20T04:07:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7772", "CVE-2017-7757", "CVE-2017-7754", "CVE-2017-7758", "CVE-2017-7773", "CVE-2017-7752", "CVE-2017-7791", "CVE-2017-7784", "CVE-2017-7824", "CVE-2017-5462", "CVE-2017-7800", "CVE-2017-7753", "CVE-2017-5436", "CVE-2017-7801", "CVE-2017-7810", "CVE-2018-5097", "CVE-2017-7778", "CVE-2017-5441", "CVE-2017-5472", "CVE-2016-10197", "CVE-2017-5442", "CVE-2017-5446", "CVE-2018-5089", "CVE-2017-5434", "CVE-2018-5091", "CVE-2017-7756", "CVE-2018-5096", "CVE-2017-5465", "CVE-2018-5095", "CVE-2017-7843", "CVE-2016-6354", "CVE-2017-7764", "CVE-2017-7771", "CVE-2018-5098", "CVE-2017-5429", "CVE-2018-5102", "CVE-2017-5440", "CVE-2017-5435", "CVE-2017-7802", "CVE-2017-7787", "CVE-2017-5432", "CVE-2017-5469", "CVE-2017-7749", "CVE-2017-7805", "CVE-2017-5470", "CVE-2017-5438", "CVE-2017-5439", "CVE-2017-7779", "CVE-2017-5445", "CVE-2016-10196", "CVE-2017-7785", "CVE-2017-5433", "CVE-2017-7751", "CVE-2017-7823", "CVE-2018-5117", "CVE-2017-7807", "CVE-2017-5447", "CVE-2017-5444", "CVE-2017-7750", "CVE-2017-5460", "CVE-2017-7777", "CVE-2018-5104", "CVE-2017-7809", "CVE-2017-7775", "CVE-2018-5103", "CVE-2017-7798", "CVE-2017-7786", "CVE-2017-7774", "CVE-2017-7776", "CVE-2017-7844", "CVE-2017-7819", "CVE-2017-5461", "CVE-2017-5437", "CVE-2017-7803", "CVE-2017-7792", "CVE-2018-5099", "CVE-2017-7793", "CVE-2017-7818", "CVE-2017-5448", "CVE-2017-5459", "CVE-2016-10195", "CVE-2017-5443", "CVE-2017-7814", "CVE-2017-5464"], "description": "### Background\n\nMozilla Firefox is a popular open-source web browser from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Mozilla Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-52.6.0\"\n \n\nAll Mozilla Firefox binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-52.6.0\"", "edition": 1, "modified": "2018-02-20T00:00:00", "published": "2018-02-20T00:00:00", "href": "https://security.gentoo.org/glsa/201802-03", "id": "GLSA-201802-03", "type": "gentoo", "title": "Mozilla Firefox: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oracle": [{"lastseen": "2020-10-04T21:15:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-1768", "CVE-2014-0054", "CVE-2015-7501", "CVE-2015-7940", "CVE-2016-0635", "CVE-2016-2177", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2183", "CVE-2016-3092", "CVE-2016-3506", "CVE-2016-5007", "CVE-2016-5019", "CVE-2016-6302", "CVE-2016-6303", "CVE-2016-6304", "CVE-2016-6305", "CVE-2016-6306", "CVE-2016-6307", "CVE-2016-6308", "CVE-2016-6309", "CVE-2016-6814", "CVE-2016-7052", "CVE-2016-8745", "CVE-2016-9878", "CVE-2017-10393", "CVE-2017-10400", "CVE-2017-12617", "CVE-2017-13077", "CVE-2017-13078", "CVE-2017-13080", "CVE-2017-13082", "CVE-2017-15095", "CVE-2017-15707", "CVE-2017-17562", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-5645", "CVE-2017-5662", "CVE-2017-5664", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7525", "CVE-2017-7674", "CVE-2017-7805", "CVE-2017-9798", "CVE-2018-0739", "CVE-2018-2563", "CVE-2018-2572", "CVE-2018-2587", "CVE-2018-2628", "CVE-2018-2718", "CVE-2018-2737", "CVE-2018-2738", "CVE-2018-2739", "CVE-2018-2742", "CVE-2018-2746", "CVE-2018-2747", "CVE-2018-2748", "CVE-2018-2749", "CVE-2018-2750", "CVE-2018-2752", "CVE-2018-2753", "CVE-2018-2754", "CVE-2018-2755", "CVE-2018-2756", "CVE-2018-2758", "CVE-2018-2759", "CVE-2018-2760", "CVE-2018-2761", "CVE-2018-2762", "CVE-2018-2763", "CVE-2018-2764", "CVE-2018-2765", "CVE-2018-2766", "CVE-2018-2768", "CVE-2018-2769", "CVE-2018-2770", "CVE-2018-2771", "CVE-2018-2772", "CVE-2018-2773", "CVE-2018-2774", "CVE-2018-2775", "CVE-2018-2776", "CVE-2018-2777", "CVE-2018-2778", "CVE-2018-2779", "CVE-2018-2780", "CVE-2018-2781", "CVE-2018-2782", "CVE-2018-2783", "CVE-2018-2784", "CVE-2018-2785", "CVE-2018-2786", "CVE-2018-2787", "CVE-2018-2788", "CVE-2018-2789", "CVE-2018-2790", "CVE-2018-2791", "CVE-2018-2792", "CVE-2018-2793", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2801", "CVE-2018-2802", "CVE-2018-2803", "CVE-2018-2804", "CVE-2018-2805", "CVE-2018-2806", "CVE-2018-2807", "CVE-2018-2808", "CVE-2018-2809", "CVE-2018-2810", "CVE-2018-2811", "CVE-2018-2812", "CVE-2018-2813", "CVE-2018-2814", "CVE-2018-2815", "CVE-2018-2816", "CVE-2018-2817", "CVE-2018-2818", "CVE-2018-2819", "CVE-2018-2820", "CVE-2018-2821", "CVE-2018-2822", "CVE-2018-2823", "CVE-2018-2824", "CVE-2018-2825", "CVE-2018-2826", "CVE-2018-2827", "CVE-2018-2828", "CVE-2018-2829", "CVE-2018-2830", "CVE-2018-2831", "CVE-2018-2832", "CVE-2018-2833", "CVE-2018-2834", "CVE-2018-2835", "CVE-2018-2836", "CVE-2018-2837", "CVE-2018-2838", "CVE-2018-2839", "CVE-2018-2840", "CVE-2018-2841", "CVE-2018-2842", "CVE-2018-2843", "CVE-2018-2844", "CVE-2018-2845", "CVE-2018-2846", "CVE-2018-2847", "CVE-2018-2848", "CVE-2018-2849", "CVE-2018-2850", "CVE-2018-2851", "CVE-2018-2852", "CVE-2018-2853", "CVE-2018-2854", "CVE-2018-2855", "CVE-2018-2856", "CVE-2018-2857", "CVE-2018-2858", "CVE-2018-2859", "CVE-2018-2860", "CVE-2018-2861", "CVE-2018-2862", "CVE-2018-2863", "CVE-2018-2864", "CVE-2018-2865", "CVE-2018-2866", "CVE-2018-2867", "CVE-2018-2868", "CVE-2018-2869", "CVE-2018-2870", "CVE-2018-2871", "CVE-2018-2872", "CVE-2018-2873", "CVE-2018-2874", "CVE-2018-2876", "CVE-2018-2877", "CVE-2018-2878", "CVE-2018-2879", "CVE-2018-7489"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * Critical Patch Updates, Security Alerts and Bulletins for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 255 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2383583.1>).\n\nThe January 2018 Critical Patch Update provided patches in response to the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note ([Doc ID 2347948.1](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2347948.1>)) for information on how to obtain these patches.\n", "modified": "2018-12-10T00:00:00", "published": "2018-04-17T00:00:00", "id": "ORACLE:CPUAPR2018", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:20:57", "bulletinFamily": "software", "cvelist": ["CVE-2018-2768", "CVE-2018-2802", "CVE-2018-2775", "CVE-2018-2815", "CVE-2018-2748", "CVE-2018-2836", "CVE-2017-9798", "CVE-2018-2878", "CVE-2018-2826", "CVE-2018-2827", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-2817", "CVE-2018-2800", "CVE-2018-2868", "CVE-2018-2832", "CVE-2018-2789", "CVE-2018-2852", "CVE-2018-2808", "CVE-2018-2749", "CVE-2018-2747", "CVE-2018-2563", "CVE-2018-2860", "CVE-2018-2769", "CVE-2017-13080", "CVE-2016-5019", "CVE-2018-2776", "CVE-2018-7489", "CVE-2016-6306", "CVE-2018-2841", "CVE-2018-2759", "CVE-2016-2183", "CVE-2018-2870", "CVE-2018-2844", "CVE-2018-2822", "CVE-2018-2853", "CVE-2018-2746", "CVE-2016-2178", "CVE-2018-2755", "CVE-2018-2810", "CVE-2018-2812", "CVE-2018-2803", "CVE-2016-9878", "CVE-2017-10400", "CVE-2017-3735", "CVE-2018-2823", "CVE-2018-2842", "CVE-2018-2786", "CVE-2018-2778", "CVE-2018-2820", "CVE-2018-2765", "CVE-2018-2876", "CVE-2016-3092", "CVE-2018-2856", "CVE-2018-2872", "CVE-2018-2858", "CVE-2016-6302", "CVE-2017-13082", "CVE-2018-2819", "CVE-2018-2783", "CVE-2018-2774", "CVE-2016-8745", "CVE-2016-2177", "CVE-2018-2784", "CVE-2018-2771", "CVE-2018-2835", "CVE-2018-2848", "CVE-2018-2840", "CVE-2016-0635", "CVE-2018-2863", "CVE-2018-2867", "CVE-2018-2845", "CVE-2018-2824", "CVE-2018-2861", "CVE-2018-2777", "CVE-2018-2738", "CVE-2018-2838", "CVE-2018-2849", "CVE-2015-7501", "CVE-2018-2754", "CVE-2018-2795", "CVE-2016-6307", "CVE-2017-3737", "CVE-2013-1768", "CVE-2017-15707", "CVE-2018-2791", "CVE-2018-2807", "CVE-2018-2766", "CVE-2018-2763", "CVE-2018-2780", "CVE-2018-2879", "CVE-2018-2752", "CVE-2016-6308", "CVE-2017-13078", "CVE-2017-5662", "CVE-2018-2816", "CVE-2014-0054", "CVE-2018-2793", "CVE-2016-2180", "CVE-2018-2742", "CVE-2018-2739", "CVE-2017-7805", "CVE-2018-2798", "CVE-2018-2814", "CVE-2018-2855", "CVE-2018-2799", "CVE-2017-5715", "CVE-2018-2787", "CVE-2016-2181", "CVE-2018-2818", "CVE-2016-6304", "CVE-2018-2753", "CVE-2018-2756", "CVE-2018-2851", "CVE-2018-2796", "CVE-2018-2764", "CVE-2018-2837", "CVE-2018-2847", "CVE-2018-0739", "CVE-2017-17562", "CVE-2018-2805", "CVE-2018-2572", "CVE-2018-2801", "CVE-2018-2761", "CVE-2018-2821", "CVE-2018-2782", "CVE-2018-2831", "CVE-2018-2773", "CVE-2018-2797", "CVE-2018-2864", "CVE-2018-2828", "CVE-2018-2866", "CVE-2018-2587", "CVE-2018-2829", "CVE-2017-7525", "CVE-2018-2770", "CVE-2016-7052", "CVE-2018-2718", "CVE-2018-2781", "CVE-2018-2830", "CVE-2018-2806", "CVE-2017-5664", "CVE-2018-2779", "CVE-2018-2825", "CVE-2018-2813", "CVE-2016-5007", "CVE-2018-2854", "CVE-2018-2811", "CVE-2018-2762", "CVE-2018-2869", "CVE-2018-2790", "CVE-2017-3738", "CVE-2018-2877", "CVE-2018-2865", "CVE-2018-2760", "CVE-2018-2834", "CVE-2016-6305", "CVE-2016-6303", "CVE-2018-2772", "CVE-2018-2846", "CVE-2018-2792", "CVE-2017-5645", "CVE-2016-2182", "CVE-2018-2833", "CVE-2017-12617", "CVE-2018-2859", "CVE-2018-2843", "CVE-2018-2804", "CVE-2017-10393", "CVE-2018-2788", "CVE-2018-2628", "CVE-2018-2785", "CVE-2018-2750", "CVE-2018-2873", "CVE-2015-7940", "CVE-2017-3736", "CVE-2018-2758", "CVE-2017-13077", "CVE-2016-3506", "CVE-2018-2737", "CVE-2018-2809", "CVE-2018-2871", "CVE-2017-15095", "CVE-2016-2179", "CVE-2016-6814", "CVE-2017-7674", "CVE-2018-2857", "CVE-2018-2839", "CVE-2018-2850", "CVE-2018-2862", "CVE-2016-6309", "CVE-2018-2794", "CVE-2018-2874"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<http://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 255 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2383583.1>).\n\nThe January 2018 Critical Patch Update provided patches in response to the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) processor vulnerabilities. Please refer to this Advisory and the Addendum to the January 2018 Critical Patch Update Advisory for Spectre and Meltdown MOS note ([Doc ID 2347948.1](<https://support.oracle.com/rs?type=doc&id=2347948.1>)) for information on how to obtain these patches.\n", "modified": "2018-12-10T00:00:00", "published": "2018-04-17T00:00:00", "id": "ORACLE:CPUAPR2018-3678067", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - April 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:56", "bulletinFamily": "software", "cvelist": ["CVE-2012-1007", "CVE-2014-0014", "CVE-2014-0114", "CVE-2014-3490", "CVE-2014-7817", "CVE-2015-0235", "CVE-2015-0252", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3153", "CVE-2015-3236", "CVE-2015-3237", "CVE-2015-6937", "CVE-2015-7501", "CVE-2015-7990", "CVE-2015-9251", "CVE-2016-0635", "CVE-2016-0729", "CVE-2016-0755", "CVE-2016-1000031", "CVE-2016-1181", "CVE-2016-1182", "CVE-2016-2107", "CVE-2016-3739", "CVE-2016-4000", "CVE-2016-5019", "CVE-2016-5080", "CVE-2016-5244", "CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-6814", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-9586", "CVE-2016-9840", "CVE-2016-9841", "CVE-2016-9842", "CVE-2016-9843", "CVE-2017-14735", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3738", "CVE-2017-5529", "CVE-2017-5533", "CVE-2017-5645", "CVE-2017-5715", "CVE-2017-7407", "CVE-2017-7525", "CVE-2017-7805", "CVE-2017-9798", "CVE-2018-0732", "CVE-2018-0733", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000300", "CVE-2018-1000301", "CVE-2018-11039", "CVE-2018-11040", "CVE-2018-11307", "CVE-2018-11776", "CVE-2018-12022", "CVE-2018-12023", "CVE-2018-1257", "CVE-2018-1258", "CVE-2018-1270", "CVE-2018-1271", "CVE-2018-1272", "CVE-2018-1275", "CVE-2018-1304", "CVE-2018-1305", "CVE-2018-13785", "CVE-2018-14048", "CVE-2018-18223", "CVE-2018-18224", "CVE-2018-2887", "CVE-2018-2889", "CVE-2018-2902", "CVE-2018-2909", "CVE-2018-2911", "CVE-2018-2912", "CVE-2018-2913", "CVE-2018-2914", "CVE-2018-2922", "CVE-2018-2971", "CVE-2018-3011", "CVE-2018-3059", "CVE-2018-3115", "CVE-2018-3122", "CVE-2018-3126", "CVE-2018-3127", "CVE-2018-3128", "CVE-2018-3129", "CVE-2018-3130", "CVE-2018-3131", "CVE-2018-3132", "CVE-2018-3133", "CVE-2018-3134", "CVE-2018-3135", "CVE-2018-3136", "CVE-2018-3137", "CVE-2018-3138", "CVE-2018-3139", "CVE-2018-3140", "CVE-2018-3141", "CVE-2018-3142", "CVE-2018-3143", "CVE-2018-3144", "CVE-2018-3145", "CVE-2018-3146", "CVE-2018-3147", "CVE-2018-3148", "CVE-2018-3149", "CVE-2018-3150", "CVE-2018-3151", "CVE-2018-3152", "CVE-2018-3153", "CVE-2018-3154", "CVE-2018-3155", "CVE-2018-3156", "CVE-2018-3157", "CVE-2018-3158", "CVE-2018-3159", "CVE-2018-3160", "CVE-2018-3161", "CVE-2018-3162", "CVE-2018-3163", "CVE-2018-3164", "CVE-2018-3165", "CVE-2018-3166", "CVE-2018-3167", "CVE-2018-3168", "CVE-2018-3169", "CVE-2018-3170", "CVE-2018-3171", "CVE-2018-3172", "CVE-2018-3173", "CVE-2018-3174", "CVE-2018-3175", "CVE-2018-3176", "CVE-2018-3177", "CVE-2018-3178", "CVE-2018-3179", "CVE-2018-3180", "CVE-2018-3181", "CVE-2018-3182", "CVE-2018-3183", "CVE-2018-3184", "CVE-2018-3185", "CVE-2018-3186", "CVE-2018-3187", "CVE-2018-3188", "CVE-2018-3189", "CVE-2018-3190", "CVE-2018-3191", "CVE-2018-3192", "CVE-2018-3193", "CVE-2018-3194", "CVE-2018-3195", "CVE-2018-3196", "CVE-2018-3197", "CVE-2018-3198", "CVE-2018-3200", "CVE-2018-3201", "CVE-2018-3202", "CVE-2018-3203", "CVE-2018-3204", "CVE-2018-3205", "CVE-2018-3206", "CVE-2018-3207", "CVE-2018-3208", "CVE-2018-3209", "CVE-2018-3210", "CVE-2018-3211", "CVE-2018-3212", "CVE-2018-3213", "CVE-2018-3214", "CVE-2018-3215", "CVE-2018-3217", "CVE-2018-3218", "CVE-2018-3219", "CVE-2018-3220", "CVE-2018-3221", "CVE-2018-3222", "CVE-2018-3223", "CVE-2018-3224", "CVE-2018-3225", "CVE-2018-3226", "CVE-2018-3227", "CVE-2018-3228", "CVE-2018-3229", "CVE-2018-3230", "CVE-2018-3231", "CVE-2018-3232", "CVE-2018-3233", "CVE-2018-3234", "CVE-2018-3235", "CVE-2018-3236", "CVE-2018-3237", "CVE-2018-3238", "CVE-2018-3239", "CVE-2018-3241", "CVE-2018-3242", "CVE-2018-3243", "CVE-2018-3244", "CVE-2018-3245", "CVE-2018-3246", "CVE-2018-3247", "CVE-2018-3248", "CVE-2018-3249", "CVE-2018-3250", "CVE-2018-3251", "CVE-2018-3252", "CVE-2018-3253", "CVE-2018-3254", "CVE-2018-3255", "CVE-2018-3256", "CVE-2018-3257", "CVE-2018-3258", "CVE-2018-3259", "CVE-2018-3261", "CVE-2018-3262", "CVE-2018-3263", "CVE-2018-3264", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3267", "CVE-2018-3268", "CVE-2018-3269", "CVE-2018-3270", "CVE-2018-3271", "CVE-2018-3272", "CVE-2018-3273", "CVE-2018-3274", "CVE-2018-3275", "CVE-2018-3276", "CVE-2018-3277", "CVE-2018-3278", "CVE-2018-3279", "CVE-2018-3280", "CVE-2018-3281", "CVE-2018-3282", "CVE-2018-3283", "CVE-2018-3284", "CVE-2018-3285", "CVE-2018-3286", "CVE-2018-3287", "CVE-2018-3288", "CVE-2018-3289", "CVE-2018-3290", "CVE-2018-3291", "CVE-2018-3292", "CVE-2018-3293", "CVE-2018-3294", "CVE-2018-3295", "CVE-2018-3296", "CVE-2018-3297", "CVE-2018-3298", "CVE-2018-3299", "CVE-2018-3301", "CVE-2018-3302", "CVE-2018-7489", "CVE-2018-8013", "CVE-2018-8014", "CVE-2018-8034", "CVE-2018-8037"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/epmos/faces/DocumentDisplay?id=2456979.1>).\n", "modified": "2018-10-16T00:00:00", "published": "2018-12-18T00:00:00", "id": "ORACLE:CPUOCT2018", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - October 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:14", "bulletinFamily": "software", "cvelist": ["CVE-2018-3170", "CVE-2018-3157", "CVE-2018-3138", "CVE-2018-3254", "CVE-2017-5533", "CVE-2018-3204", "CVE-2018-3141", "CVE-2017-7407", "CVE-2015-9251", "CVE-2016-8620", "CVE-2017-9798", "CVE-2016-8623", "CVE-2018-1000120", "CVE-2016-5244", "CVE-2018-0732", "CVE-2018-3183", "CVE-2015-0235", "CVE-2016-5420", "CVE-2018-3274", "CVE-2018-3271", "CVE-2018-1304", "CVE-2018-3297", "CVE-2018-3130", "CVE-2016-9840", "CVE-2018-3184", "CVE-2018-3227", "CVE-2018-3231", "CVE-2016-8615", "CVE-2016-8616", "CVE-2018-3188", "CVE-2018-3137", "CVE-2018-3174", "CVE-2018-3203", "CVE-2018-3154", "CVE-2016-5019", "CVE-2016-8619", "CVE-2015-3236", "CVE-2018-3189", "CVE-2018-1275", "CVE-2018-14048", "CVE-2018-3301", "CVE-2018-3294", "CVE-2018-3129", "CVE-2018-7489", "CVE-2018-3287", "CVE-2018-3180", "CVE-2018-3257", "CVE-2018-3280", "CVE-2018-3293", "CVE-2018-3247", "CVE-2018-3239", "CVE-2018-2911", "CVE-2018-3270", "CVE-2018-3249", "CVE-2018-3259", "CVE-2018-3167", "CVE-2018-3236", "CVE-2018-3292", "CVE-2017-3735", "CVE-2018-2912", "CVE-2018-3175", "CVE-2018-3250", "CVE-2014-0014", "CVE-2018-3299", "CVE-2018-1271", "CVE-2016-5080", "CVE-2018-3256", "CVE-2018-3136", "CVE-2018-3246", "CVE-2018-3152", "CVE-2016-8618", "CVE-2018-1000121", "CVE-2018-3285", "CVE-2018-3115", "CVE-2018-3263", "CVE-2018-11039", "CVE-2018-3282", "CVE-2018-3218", "CVE-2018-3150", "CVE-2018-3145", "CVE-2018-3132", "CVE-2018-3190", "CVE-2016-7141", "CVE-2018-3220", "CVE-2018-11307", "CVE-2018-3133", "CVE-2018-2889", "CVE-2018-3128", "CVE-2018-3214", "CVE-2018-3182", "CVE-2018-3211", "CVE-2018-3210", "CVE-2016-0729", "CVE-2018-3233", "CVE-2018-3209", "CVE-2018-3131", "CVE-2018-3302", "CVE-2016-0635", "CVE-2016-0755", "CVE-2016-2107", "CVE-2018-3267", "CVE-2018-3261", "CVE-2015-7501", "CVE-2018-3219", "CVE-2018-3291", "CVE-2018-3244", "CVE-2018-3265", "CVE-2018-3266", "CVE-2018-3193", "CVE-2018-3144", "CVE-2018-3206", "CVE-2018-3298", "CVE-2016-8617", "CVE-2016-9842", "CVE-2018-12022", "CVE-2018-3212", "CVE-2018-8014", "CVE-2016-1182", "CVE-2015-3153", "CVE-2018-1258", "CVE-2018-3234", "CVE-2018-3255", "CVE-2018-3226", "CVE-2018-1000122", "CVE-2018-3173", "CVE-2018-3215", "CVE-2018-3248", "CVE-2018-1305", "CVE-2018-3187", "CVE-2018-3276", "CVE-2018-3156", "CVE-2018-3241", "CVE-2018-3228", "CVE-2018-11776", "CVE-2018-3122", "CVE-2018-13785", "CVE-2018-3011", "CVE-2018-3139", "CVE-2017-7805", "CVE-2018-3223", "CVE-2018-3205", "CVE-2018-3230", "CVE-2018-1257", "CVE-2018-3213", "CVE-2017-5715", "CVE-2018-3161", "CVE-2018-3290", "CVE-2018-3201", "CVE-2018-1000300", "CVE-2018-3251", "CVE-2018-3225", "CVE-2018-2902", "CVE-2018-3163", "CVE-2015-3144", "CVE-2018-2887", "CVE-2014-0114", "CVE-2018-3179", "CVE-2018-3262", "CVE-2018-3237", "CVE-2018-0739", "CVE-2018-3222", "CVE-2018-3155", "CVE-2015-0252", "CVE-2018-3253", "CVE-2018-3126", "CVE-2018-8034", "CVE-2018-3127", "CVE-2018-3221", "CVE-2018-3059", "CVE-2015-3237", "CVE-2018-3279", "CVE-2018-3151", "CVE-2018-2909", "CVE-2018-3245", "CVE-2018-3252", "CVE-2018-3284", "CVE-2018-8013", "CVE-2018-3235", "CVE-2016-8622", "CVE-2018-3275", "CVE-2015-7990", "CVE-2018-3162", "CVE-2018-3197", "CVE-2018-1272", "CVE-2018-3278", "CVE-2018-3186", "CVE-2017-7525", "CVE-2018-3159", "CVE-2018-3171", "CVE-2018-3296", "CVE-2018-3194", "CVE-2018-3217", "CVE-2018-3273", "CVE-2018-3178", "CVE-2018-3147", "CVE-2018-3288", "CVE-2018-1270", "CVE-2014-7817", "CVE-2018-3191", "CVE-2018-18224", "CVE-2012-1007", "CVE-2018-3143", "CVE-2016-8624", "CVE-2018-0733", "CVE-2016-1181", "CVE-2018-3281", "CVE-2018-2971", "CVE-2016-3739", "CVE-2018-3146", "CVE-2016-9843", "CVE-2018-3277", "CVE-2018-3208", "CVE-2017-14735", "CVE-2015-3145", "CVE-2017-3738", "CVE-2018-3172", "CVE-2018-3164", "CVE-2018-3176", "CVE-2018-3169", "CVE-2018-3160", "CVE-2018-3149", "CVE-2014-3490", "CVE-2018-3185", "CVE-2018-3232", "CVE-2018-3264", "CVE-2018-8037", "CVE-2018-3258", "CVE-2017-5645", "CVE-2016-5421", "CVE-2016-9586", "CVE-2018-3272", "CVE-2018-3142", "CVE-2018-3295", "CVE-2018-2914", "CVE-2018-3192", "CVE-2018-3153", "CVE-2018-3283", "CVE-2017-5529", "CVE-2018-3269", "CVE-2016-9841", "CVE-2018-3196", "CVE-2016-4000", "CVE-2018-3289", "CVE-2018-3229", "CVE-2017-3736", "CVE-2018-3286", "CVE-2018-3177", "CVE-2018-3243", "CVE-2018-3242", "CVE-2018-3148", "CVE-2018-3181", "CVE-2018-18223", "CVE-2018-0737", "CVE-2018-3268", "CVE-2018-3200", "CVE-2016-5419", "CVE-2018-3195", "CVE-2017-15095", "CVE-2016-7167", "CVE-2018-11040", "CVE-2018-3198", "CVE-2018-3166", "CVE-2016-6814", "CVE-2018-3202", "CVE-2016-1000031", "CVE-2018-3158", "CVE-2018-1000301", "CVE-2018-3238", "CVE-2018-3134", "CVE-2018-12023", "CVE-2018-3224", "CVE-2018-3165", "CVE-2016-8621", "CVE-2018-3135", "CVE-2018-3168", "CVE-2015-6937", "CVE-2018-2922", "CVE-2018-3140", "CVE-2018-2913", "CVE-2018-3207"], "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n * [Critical Patch Updates, Security Alerts and Bulletins](<https://www.oracle.com/securityalerts>) for information about Oracle Security Advisories.\n\n \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay.**\n\nThis Critical Patch Update contains 301 new security fixes across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ October 2018 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2456979.1>).\n", "modified": "2018-10-16T00:00:00", "published": "2018-12-18T00:00:00", "id": "ORACLE:CPUOCT2018-4428296", "href": "", "type": "oracle", "title": "CPU Oct 2018", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}