Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2014-125.NASL
HistoryJun 16, 2014 - 12:00 a.m.

Mandriva Linux Security Advisory : nspr (MDVSA-2014:125)

2014-06-1600:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
12
JSON

A vulnerability has been discovered and corrected in nspr :

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions (CVE-2014-1545).

The updated nspr packages have been upgraded to the 4.10.6 version which is unaffected by this issue.

Additionally :

  • The rootcerts package have been upgraded to the latest version as of 2014-04-01.

  • The nss packages have been upgraded to the latest 3.16.1 version which resolves various bugs.

  • The sqlite3 packages have been upgraded to the 3.7.17 version for mbs1 due to an prerequisite to nss-3.16.1.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2014:125. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76068);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2014-1545");
  script_bugtraq_id(67975);
  script_xref(name:"MDVSA", value:"2014:125");

  script_name(english:"Mandriva Linux Security Advisory : nspr (MDVSA-2014:125)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability has been discovered and corrected in nspr :

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions (CVE-2014-1545).

The updated nspr packages have been upgraded to the 4.10.6 version
which is unaffected by this issue.

Additionally :

  - The rootcerts package have been upgraded to the latest
    version as of 2014-04-01.

  - The nss packages have been upgraded to the latest 3.16.1
    version which resolves various bugs.

  - The sqlite3 packages have been upgraded to the 3.7.17
    version for mbs1 due to an prerequisite to nss-3.16.1."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/"
  );
  # https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.16.1_release_notes
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b157b539"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sqlite3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64sqlite3_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rootcerts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rootcerts-java");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sqlite3-tcl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sqlite3-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lemon-3.7.17-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nspr-devel-4.10.6-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nspr4-4.10.6-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nss-devel-3.16.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nss-static-devel-3.16.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64nss3-3.16.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64sqlite3-devel-3.7.17-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64sqlite3-static-devel-3.7.17-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64sqlite3_0-3.7.17-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nss-3.16.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", reference:"nss-doc-3.16.1-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"rootcerts-20140401.00-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"rootcerts-java-20140401.00-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"sqlite3-tcl-3.7.17-1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"sqlite3-tools-3.7.17-1.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlemonp-cpe:/a:mandriva:linux:lemon
mandrivalinuxlib64nspr-develp-cpe:/a:mandriva:linux:lib64nspr-devel
mandrivalinuxlib64nspr4p-cpe:/a:mandriva:linux:lib64nspr4
mandrivalinuxlib64nss-develp-cpe:/a:mandriva:linux:lib64nss-devel
mandrivalinuxlib64nss-static-develp-cpe:/a:mandriva:linux:lib64nss-static-devel
mandrivalinuxlib64nss3p-cpe:/a:mandriva:linux:lib64nss3
mandrivalinuxlib64sqlite3-develp-cpe:/a:mandriva:linux:lib64sqlite3-devel
mandrivalinuxlib64sqlite3-static-develp-cpe:/a:mandriva:linux:lib64sqlite3-static-devel
mandrivalinuxlib64sqlite3_0p-cpe:/a:mandriva:linux:lib64sqlite3_0
mandrivalinuxnssp-cpe:/a:mandriva:linux:nss
Rows per page:
1-10 of 161

Related

osv 4
debian 4
cve 1
amazon 1
openvas 27
mozilla 1
nessus 23
debiancve 1
ubuntucve 1
prion 1
ubuntu 1
oraclelinux 2
centos 2
redhat 3
f5 2
ibm 4
veracode 1
suse 6
freebsd 1
securityvulns 2
gentoo 1
osv
osv
nspr - security update
2014-08-07 00:00:00
nspr - security update
2014-06-17 00:00:00
icedove - security update
2014-06-16 00:00:00
debian
debian
[SECURITY] [DSA 2962-1] nspr security update
2014-06-17 19:31:38
[DLA 32-1] nspr security update
2014-08-07 18:31:41
[SECURITY] [DSA 2955-1] iceweasel security update
2014-06-11 14:34:07
cve
cve
CVE-2014-1545
2014-06-11 10:57:00
amazon
amazon
Critical: nspr
2014-07-23 14:07:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-384)
2015-09-08 00:00:00
Ubuntu: Security Advisory (USN-2265-1)
2014-07-07 00:00:00
Debian Security Advisory DSA 2962-1 (nspr - security update)
2014-06-17 00:00:00
mozilla
mozilla
Out of bounds write in NSPR — Mozilla
2014-06-10 00:00:00
nessus
nessus
Debian DLA-32-1 : nspr security update
2015-03-26 00:00:00
Amazon Linux AMI : nspr (ALAS-2014-384)
2014-10-12 00:00:00
Ubuntu 14.04 LTS : NSPR vulnerability (USN-2265-1)
2014-07-03 00:00:00
debiancve
debiancve
CVE-2014-1545
2014-06-11 10:57:00
ubuntucve
ubuntucve
CVE-2014-1545
2014-06-11 00:00:00
prion
prion
Out-of-bounds
2014-06-11 10:57:00
ubuntu
ubuntu
NSPR vulnerability
2014-07-02 00:00:00
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2014-09-17 00:00:00
nss and nspr security, bug fix, and enhancement update
2014-07-22 00:00:00
centos
centos
nss security update
2014-09-30 11:21:57
nspr, nss security update
2014-07-23 02:49:51
redhat
redhat
(RHSA-2014:1246) Moderate: nss and nspr security, bug fix, and enhancement update
2014-09-16 00:00:00
(RHSA-2014:0917) Critical: nss and nspr security, bug fix, and enhancement update
2014-07-22 00:00:00
(RHSA-2014:0979) Moderate: rhev-hypervisor6 security and bug fix update
2014-07-29 00:00:00
f5
f5
SOL16716 - Multiple Mozilla NSS vulnerabilities
2015-06-05 00:00:00
K16716 : Multiple Mozilla NSS vulnerabilities
2015-09-17 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2023-03-29 01:48:02
Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem and TMS RAMSAN 710, 720, 810, and 820 systems (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-154
2023-02-28 01:12:10
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2022-08-20 00:54:31
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:03:51
suse
suse
Mozilla updates 2014/06 (critical)
2014-06-16 08:04:13
Security update for MozillaFirefox (important)
2014-06-23 20:09:15
Security update for Mozilla Firefox (important)
2014-07-17 02:04:25
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-06-10 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-06-13 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for MANDRIVA_MDVSA-2014-125.NASL
osv4debian4cve1amazon1openvas27mozilla1nessus23debiancve1ubuntucve1prion1ubuntu1oraclelinux2centos2redhat3f52ibm4veracode1suse6freebsd1securityvulns2gentoo1