MiracleLinux 3 : nss-3.16.1-2.AXS3 (AXSA:2014-538:03)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2014-538:03.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(290054);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id(
    "CVE-2013-1740",
    "CVE-2014-1490",
    "CVE-2014-1491",
    "CVE-2014-1492",
    "CVE-2014-1545"
  );

  script_name(english:"MiracleLinux 3 : nss-3.16.1-2.AXS3 (AXSA:2014-538:03)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2014-538:03 advisory.

    Description :
    Network Security Services (NSS) is a set of libraries designed to
    support cross-platform development of security-enabled client and
    server applications. Applications built with NSS can support SSL v2
    and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
    v3 certificates, and other security standards.
    Security issues fixed with this release:
    CVE-2013-1740
    The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before
    3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL
    servers by using an arbitrary X.509 certificate during certain handshake traffic.
    CVE-2014-1490
    Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla
    Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and
    other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have
    unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement
    of a session ticket.
    CVE-2014-1491
    Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR
    24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly
    restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to
    bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
    CVE-2014-1492
    The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in
    Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an
    internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL
    servers via a crafted certificate.
    CVE-2014-1545
    Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code
    or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console
    functions.
    fixed bugs;
    * Previously, the shell in the Network Security Services (NSS) specification handled test failures
    incorrectly as false positive test results, when the output.log file was not present on the system. So,
    certain utilities, such as grep, could not handle failures properly. With this update, fixed it.
    * Previously, a subordinate Certificate Authority (CA) of the ANSSI agency incorrectly issued an
    intermediate certificate installed on a network monitoring device. So, the monitoring device was enabled
    to act as an MITM (Man in the Middle) proxy performing traffic management of domain names or IP addresses
    that the certificate holder did not own or control. The trust in the intermediate certificate to issue the
    certificate for an MITM device has been revoked, and such a device can no longer be used for MITM attacks.
    * Previously,  MD5 certificates were rejected by default because Network Security Services (NSS) did not
    trust MD5 certificates. With this update, fixed it.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/4983");
  script_set_attribute(attribute:"solution", value:
"Update the affected nss, nss-devel and / or nss-tools packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1545");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 3.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'nss-3.16.1-2.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-devel-3.16.1-2.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-tools-3.16.1-2.AXS3', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nss / nss-devel / nss-tools');
}