MiracleLinux 4 : nss-3.16.1-7.AXS4, nss-util-3.16.1-2.AXS4, nss-softokn-3.14.3-12.AXS4 (AXSA:2014-572:03)

🗓️ 16 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 4 NSS libraries vulnerable to CVE-2014-1568 enabling remote RSA signature malleability.

Reporter	Title	Published	Views	Family All 181
IBM Security Bulletins	Security Bulletin: Tivoli Common Reporting iFixes for multiple Security Vulnerabilities (CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-011	17 Jun 201814:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568).	15 Jun 201823:13	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in multiple products that ship with IBM Predictive Customer Intelligence (CVE-2014-3566)	11 Feb 202021:31	–	ibm
IBM Security Bulletins	Security Bulletins - Cognos Analytics and Cognos Business Intelligence	19 Jul 201816:57	–	ibm
FreeBSD	NSS -- RSA Signature Forgery	23 Sep 201400:00	–	freebsd
FreeBSD	chromium -- RSA signature malleability in NSS	24 Sep 201400:00	–	freebsd
Tenable Nessus	Mozilla Firefox ESR < 24.8.1 RSA Signature Forgery in NSS	6 Nov 201900:00	–	nessus
Tenable Nessus	Google Chrome < 37.0.2062.124 RSA Signature Forgery in NSS	6 Oct 201400:00	–	nessus
Tenable Nessus	SeaMonkey < 2.29.1 RSA Signature Forgery in NSS	6 Oct 201400:00	–	nessus
Tenable Nessus	Mozilla Thunderbird < 31.1.2 RSA Signature Forgery in NSS	6 Oct 201400:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/5028
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2014-572:03.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(289044);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/16");

  script_cve_id("CVE-2014-1568");

  script_name(english:"MiracleLinux 4 : nss-3.16.1-7.AXS4, nss-util-3.16.1-2.AXS4, nss-softokn-3.14.3-12.AXS4 (AXSA:2014-572:03)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2014-572:03 advisory.

    Description :
    Network Security Services (NSS) is a set of libraries designed to
    support cross-platform development of security-enabled client and
    server applications. Applications built with NSS can support SSL v2
    and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
    v3 certificates, and other security standards.
    Security issues fixed with this release:
    CVE-2014-1568
    Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1,
    as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1,
    Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome
    before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly
    parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA
    signatures via a crafted certificate, aka a signature malleability issue.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/5028");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1568");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-softokn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-softokn-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-softokn-freebl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-softokn-freebl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-util");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:nss-util-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '4',
    'pkgs': [
      {'reference':'nss-3.16.1-7.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-3.16.1-7.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-devel-3.16.1-7.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-devel-3.16.1-7.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-3.14.3-12.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-3.14.3-12.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-devel-3.14.3-12.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-devel-3.14.3-12.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-freebl-3.14.3-12.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-freebl-3.14.3-12.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-freebl-devel-3.14.3-12.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-softokn-freebl-devel-3.14.3-12.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-sysinit-3.16.1-7.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-sysinit-3.16.1-7.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-tools-3.16.1-7.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-tools-3.16.1-7.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-3.16.1-2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-3.16.1-2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-devel-3.16.1-2.AXS4', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'nss-util-devel-3.16.1-2.AXS4', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nss / nss-devel / nss-softokn / nss-softokn-devel / etc');
}

16 Jan 2026 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS 27.5

EPSS0.336