Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2022-0098_NSS.NASL
HistoryNov 15, 2022 - 12:00 a.m.

NewStart CGSL MAIN 6.02 : nss Multiple Vulnerabilities (NS-SA-2022-0098)

2022-11-1500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
JSON

The remote NewStart CGSL host, running version MAIN 6.02, has nss packages installed that are affected by multiple vulnerabilities:

  • A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. (CVE-2020-25648)

  • NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Note: This vulnerability does NOT impact Mozilla Firefox. However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
    (CVE-2021-43527)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2022-0098. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(167486);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/04");

  script_cve_id("CVE-2020-25648", "CVE-2021-43527");

  script_name(english:"NewStart CGSL MAIN 6.02 : nss Multiple Vulnerabilities (NS-SA-2022-0098)");

  script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.02, has nss packages installed that are affected by multiple
vulnerabilities:

  - A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a
    remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the
    NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS
    versions before 3.58. (CVE-2020-25648)

  - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow
    when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures
    encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for
    certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how
    they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and
    PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and
    Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.
    (CVE-2021-43527)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2022-0098");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-25648");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-43527");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL nss packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-43527");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-softokn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-softokn-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-softokn-freebl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-softokn-freebl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-util");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:nss-util-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:6");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (os_release !~ "CGSL MAIN 6.02")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

var pkgs = {
  'CGSL MAIN 6.02': [
    'nss-3.67.0-7.el8_5',
    'nss-devel-3.67.0-7.el8_5',
    'nss-softokn-3.67.0-7.el8_5',
    'nss-softokn-devel-3.67.0-7.el8_5',
    'nss-softokn-freebl-3.67.0-7.el8_5',
    'nss-softokn-freebl-devel-3.67.0-7.el8_5',
    'nss-sysinit-3.67.0-7.el8_5',
    'nss-tools-3.67.0-7.el8_5',
    'nss-util-3.67.0-7.el8_5',
    'nss-util-devel-3.67.0-7.el8_5'
  ]
};
var pkg_list = pkgs[os_release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nss');
}
VendorProductVersionCPE
ztecgsl_mainnssp-cpe:/a:zte:cgsl_main:nss
ztecgsl_mainnss-develp-cpe:/a:zte:cgsl_main:nss-devel
ztecgsl_mainnss-softoknp-cpe:/a:zte:cgsl_main:nss-softokn
ztecgsl_mainnss-softokn-develp-cpe:/a:zte:cgsl_main:nss-softokn-devel
ztecgsl_mainnss-softokn-freeblp-cpe:/a:zte:cgsl_main:nss-softokn-freebl
ztecgsl_mainnss-softokn-freebl-develp-cpe:/a:zte:cgsl_main:nss-softokn-freebl-devel
ztecgsl_mainnss-sysinitp-cpe:/a:zte:cgsl_main:nss-sysinit
ztecgsl_mainnss-toolsp-cpe:/a:zte:cgsl_main:nss-tools
ztecgsl_mainnss-utilp-cpe:/a:zte:cgsl_main:nss-util
ztecgsl_mainnss-util-develp-cpe:/a:zte:cgsl_main:nss-util-devel
Rows per page:
1-10 of 111

Related

nessus 87
alpinelinux 2
cloudfoundry 2
amazon 8
osv 14
ubuntucve 3
redhat 16
rocky 2
debiancve 3
oraclelinux 5
fedora 5
ibm 2
gentoo 1
prion 3
almalinux 2
redhatcve 3
veracode 2
cve 3
ubuntu 5
photon 6
debian 4
cbl_mariner 2
archlinux 2
mageia 1
centos 1
cnvd 1
suse 4
thn 1
freebsd 1
mozilla 1
cloudlinux 2
f5 2
slackware 2
googleprojectzero 1
nessus
nessus
EulerOS Virtualization 3.0.2.0 : nss (EulerOS-SA-2023-1713)
2023-05-07 00:00:00
CentOS 8 : nss and nspr (CESA-2021:3572)
2021-09-21 00:00:00
AlmaLinux 8 : nss and nspr (ALSA-2021:3572)
2022-02-09 00:00:00
alpinelinux
alpinelinux
CVE-2020-25648
2020-10-20 22:15:00
CVE-2021-43527
2021-12-08 22:15:00
cloudfoundry
cloudfoundry
USN-5410-1: NSS vulnerability | Cloud Foundry
2022-05-26 00:00:00
USN-5168-1: NSS vulnerability | Cloud Foundry
2022-01-20 00:00:00
amazon
amazon
Medium: nss
2021-07-08 18:38:00
Medium: nss
2021-06-16 20:37:00
Critical: nss
2023-02-17 00:11:00
osv
osv
CVE-2020-25648
2020-10-20 22:15:43
nss vulnerability
2022-05-11 08:22:36
Moderate: nss and nspr security, bug fix, and enhancement update
2021-09-21 07:08:30
ubuntucve
ubuntucve
CVE-2020-25648
2020-10-20 00:00:00
CVE-2021-43529
2023-02-16 00:00:00
CVE-2021-43527
2021-12-01 00:00:00
redhat
redhat
(RHSA-2021:1384) Moderate: nss security and bug fix update
2021-04-27 07:51:47
(RHSA-2021:3572) Moderate: nss and nspr security, bug fix, and enhancement update
2021-09-21 07:08:30
(RHSA-2021:4953) Critical: nss security update
2021-12-06 18:53:38
rocky
rocky
nss and nspr security, bug fix, and enhancement update
2021-09-21 07:08:30
nss security update
2021-12-01 17:52:10
debiancve
debiancve
CVE-2020-25648
2020-10-20 22:15:00
CVE-2021-43527
2021-12-08 22:15:00
CVE-2021-43529
2023-02-16 22:15:10
oraclelinux
oraclelinux
nss security and bug fix update
2021-04-28 00:00:00
nss and nspr security, bug fix, and enhancement update
2021-09-21 00:00:00
nss security update
2021-12-01 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: nss-3.58.0-3.fc31
2020-11-13 01:55:03
[SECURITY] Fedora 33 Update: nss-3.58.0-3.fc33
2020-11-04 03:03:38
[SECURITY] Fedora 32 Update: nss-3.58.0-3.fc32
2020-11-13 01:31:05
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by Mozilla Network Security Services (NSS) vulnerability (CVE-2020-25648)
2021-07-09 15:20:56
Security Bulletin: Heap-Based Buffer Overflow in Mozilla Network Security Services (NSS) may affect IBM Spectrum Protect Plus (CVE-2021-43527)
2022-05-17 23:25:58
gentoo
gentoo
Mozilla Network Security Service (NSS): Denial of service
2020-12-23 00:00:00
prion
prion
Design/Logic Flaw
2020-10-20 22:15:00
Heap overflow
2021-12-08 22:15:00
Heap overflow
2023-02-16 22:15:00
almalinux
almalinux
Moderate: nss and nspr security, bug fix, and enhancement update
2021-09-21 07:08:30
Critical: nss security update
2021-12-01 17:52:10
redhatcve
redhatcve
CVE-2020-25648
2020-10-20 04:16:03
CVE-2021-43527
2021-12-01 17:07:57
CVE-2021-43529
2022-05-12 15:33:14
veracode
veracode
Denial Of Service (DoS)
2020-12-04 16:26:27
Remote Code Execution (RCE)
2021-12-07 15:48:58
cve
cve
CVE-2020-25648
2020-10-20 22:15:00
CVE-2021-43527
2021-12-08 22:15:00
CVE-2021-43529
2023-02-16 22:15:10
ubuntu
ubuntu
NSS vulnerability
2022-05-11 00:00:00
NSS vulnerability
2021-12-01 00:00:00
NSS regression
2021-12-07 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0418
2021-12-03 00:00:00
Important Photon OS Security Update - PHSA-2021-0135
2021-12-03 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0454
2021-12-03 00:00:00
debian
debian
[SECURITY] [DLA 2836-2] nss regression update
2021-12-07 23:07:16
[SECURITY] [DSA 5016-1] nss security update
2021-12-01 21:51:16
[SECURITY] [DLA 2836-1] nss security update
2021-12-02 13:03:34
cbl_mariner
cbl_mariner
CVE-2021-43527 affecting package nss 3.44-6
2022-01-10 03:59:22
CVE-2021-43527 affecting package nss 3.44-11
2022-04-09 06:52:33
archlinux
archlinux
[ASA-202112-3] nss: arbitrary code execution
2021-12-03 00:00:00
[ASA-202112-4] lib32-nss: arbitrary code execution
2021-12-03 00:00:00
mageia
mageia
Updated nss packages fix security vulnerability
2021-12-02 19:49:28
centos
centos
nss security update
2021-12-06 16:52:37
cnvd
cnvd
Mozilla Network Security Services Buffer Overflow Vulnerability (CNVD-2021-102398)
2021-12-02 00:00:00
suse
suse
Security update for mozilla-nss (important)
2021-12-06 00:00:00
Security update for mozilla-nss (important)
2022-07-22 00:00:00
Security update for mozilla-nss (important)
2022-07-29 00:00:00
thn
thn
Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software
2021-12-02 05:10:00
freebsd
freebsd
NSS -- Memory corruption
2021-12-01 00:00:00
mozilla
mozilla
Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures — Mozilla
2021-12-01 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-43527
2021-12-06 15:23:50
Fix of CVE: CVE-2021-43527
2021-12-20 12:12:34
f5
f5
K54450124 : NSS vulnerability CVE-2021-43527
2022-01-28 00:00:00
K000130509 : Thunderbird vulnerability CVE-2021-43529
2023-01-06 00:00:00
slackware
slackware
[slackware-security] mozilla-nss
2023-01-07 02:09:10
[slackware-security] mozilla-nss
2021-12-03 20:11:32
googleprojectzero
googleprojectzero
This shouldn't have happened: A vulnerability postmortem
2021-12-01 00:00:00
JSON
Related for NEWSTART_CGSL_NS-SA-2022-0098_NSS.NASL
nessus87alpinelinux2cloudfoundry2amazon8osv14ubuntucve3redhat16rocky2debiancve3oraclelinux5fedora5ibm2gentoo1prion3almalinux2redhatcve3veracode2cve3ubuntu5photon6debian4cbl_mariner2archlinux2mageia1centos1cnvd1suse4thn1freebsd1mozilla1cloudlinux2f52slackware2googleprojectzero1