MiracleLinux 4 : nspr-4.10.2-1.AXS4, nss-3.15.3-6.0.1.AXS4, nss-util-3.15.3-1.AXS4 (AXSA:2014-054:01)

19 Jan 2026 | Reported by: Tenable | Type: nessus | Source: www.tenable.com

MiracleLinux 4 updates NSS, NSPR, and the NSS utilities per advisory AXSA:2014-054:01. The update marks a mis-issued intermediate certificate, which could be used for man-in-the-middle attacks, as untrusted and fixes the related CVEs.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2014-054:01.
##

include('compat.inc');

if (description)
{
  script_id(291470);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");

  script_cve_id(
    "CVE-2013-1739",
    "CVE-2013-1741",
    "CVE-2013-5605",
    "CVE-2013-5606",
    "CVE-2013-5607"
  );

  script_name(english:"MiracleLinux 4 : nspr-4.10.2-1.AXS4, nss-3.15.3-6.0.1.AXS4, nss-util-3.15.3-1.AXS4 (AXSA:2014-054:01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2014-054:01 advisory.

    nss: Network Security Services (NSS) is a set of libraries designed to support cross-platform development
    of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3,
    TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
     nss-util: Utilities for Network Security Services and the Softoken module
     nspr: NSPR provides platform independence for non-GUI operating system facilities. These facilities
    include threads, thread synchronization, normal file and network I/O, interval timing and calendar time,
    basic memory management (malloc and free) and shared library linking.
    Security issues fixed with this release:
     a subordinate Certificate Authority (CA) mis-issued an intermediate certificate, which could be used to
    conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as
    untrusted.
    Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the
    certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object
    Token.
     CVE-2013-1739
    Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized
    before read operations, which allows remote attackers to cause a denial of service or possibly have
    unspecified other impact via vectors that trigger a decryption failure.
     CVE-2013-1741
    Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to
    cause a denial of service or possibly have unspecified other impact via a large size value.
     CVE-2013-5605
    Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers
    to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.
     CVE-2013-5606
    The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15
    before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the
    CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions
    via a crafted certificate.
     CVE-2013-5607
    Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before
    4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and
    SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or
    possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
    Fixed bugs:
     Previously, loading a single key multiple times caused an SSL connection to fail. This was because of the
    NSS PEM module that pretended token removal whenever a key from file was being loaded. This has been
    fixed.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4483");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5607");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-util");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-util-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'nspr-4.10.2-1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nspr-4.10.2-1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nspr-devel-4.10.2-1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nspr-devel-4.10.2-1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-3.15.3-6.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-3.15.3-6.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-devel-3.15.3-6.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-devel-3.15.3-6.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-sysinit-3.15.3-6.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-sysinit-3.15.3-6.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-tools-3.15.3-6.0.1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-tools-3.15.3-6.0.1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-3.15.3-1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-3.15.3-1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-devel-3.15.3-1.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-devel-3.15.3-1.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nspr / nspr-devel / nss / nss-devel / nss-sysinit / nss-tools / etc');
}
