Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2017-0065.NASL
HistoryApr 21, 2017 - 12:00 a.m.

OracleVM 3.3 / 3.4 : nss / nss-util (OVMSA-2017-0065)

2017-04-2100:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
40
JSON

The remote OracleVM system is missing necessary patches to address critical security updates :

nss

  • Added nss-vendor.patch to change vendor

  • Temporarily disable some tests until expired PayPalEE.cert is renewed

  • Rebase to 3.28.4

  • Fix crash with tstclnt -W

  • Adjust gtests to run with our old softoken and downstream patches

  • Avoid cipher suite ordering change, spotted by Hubert Kario

  • Rebase to 3.28.3

  • Remove upstreamed moz-1282627-rh-1294606.patch, moz-1312141-rh-1387811.patch, moz-1315936.patch, and moz-1318561.patch

  • Remove no longer necessary nss-duplicate-ciphers.patch

  • Disable X25519 and exclude tests using it

  • Catch failed ASN1 decoding of RSA keys, by Kamil Dudka (#1427481)

  • Update expired PayPalEE.cert

  • Disable unsupported test cases in ssl_gtests

  • Adjust the sslstress.txt filename so that it matches with the disableSSL2tests patch ported from RHEL 7

  • Exclude SHA384 and CHACHA20_POLY1305 ciphersuites from stress tests

  • Don’t add gtests and ssl_gtests to nss_tests, unless gtests are enabled

  • Add patch to fix SSL CA name leaks, taken from NSS 3.27.2 release

  • Add patch to fix bash syntax error in tests/ssl.sh

  • Add patch to remove duplicate ciphersuites entries in sslinfo.c

  • Add patch to abort selfserv/strsclnt/tstclnt on non-parsable version range

  • Build with support for SSLKEYLOGFILE

  • Update fix_multiple_open patch to fix regression in openldap client

  • Remove pk11_genobj_leak patch, which caused crash with Firefox

  • Add comment in the policy file to preserve the last empty line

  • Disable SHA384 ciphersuites when CKM_TLS12_KEY_AND_MAC_DERIVE is not provided by softoken this superseds check_hash_impl patch

  • Fix problem in check_hash_impl patch

  • Add patch to check if hash algorithms are backed by a token

  • Add patch to disable TLS_ECDHE_[RSA,ECDSA]_WITH_AES_128_CBC_SHA256, which have never enabled in the past

  • Add upstream patch to fix a crash. Mozilla #1315936

  • Disable the use of RSA-PSS with SSL/TLS. #1390161

  • Use updated upstream patch for RH bug 1387811

  • Added upstream patches to fix RH bugs 1057388, 1294606, 1387811

  • Enable gtests when requested

  • Rebase to NSS 3.27.1

  • Remove nss-646045.patch, which is not necessary

  • Remove p-disable-md5-590364-reversed.patch, which is no-op here, because the patched code is removed later in %setup

  • Remove disable_hw_gcm.patch, which is no-op here, because the patched code is removed later in %setup.
    Also remove NSS_DISABLE_HW_GCM setting, which was only required for RHEL 5

  • Add Bug-1001841-disable-sslv2-libssl.patch and Bug-1001841-disable-sslv2-tests.patch, which completedly disable EXPORT ciphersuites. Ported from RHEL 7

  • Remove disable-export-suites-tests.patch, which is covered by Bug-1001841-disable-sslv2-tests.patch

  • Remove nss-ca-2.6-enable-legacy.patch, as we decided to not allow 1024 legacy CA certificates

  • Remove ssl-server-min-key-sizes.patch, as we decided to support DH key size greater than 1023 bits

  • Remove nss-init-ss-sec-certs-null.patch, which appears to be no-op, as it clears memory area allocated with PORT_ZAlloc

  • Remove nss-disable-sslv2-libssl.patch, nss-disable-sslv2-tests.patch, sslauth-no-v2.patch, and nss-sslstress-txt-ssl3-lower-value-in-range.patch as SSLv2 is already disabled in upstream

  • Remove fix-nss-test-filtering.patch, which is fixed in upstream

  • Add nss-check-policy-file.patch from Fedora

  • Install policy config in /etc/pki/nss-legacy/nss-rhel6.config

nss-util

  • Rebase to NSS 3.28.4 to accommodate base64 encoding fix

  • Rebase to NSS 3.28.3

  • Package new header eccutil.h

  • Tolerate policy file without last empty line

  • Add missing source files

  • Rebase to NSS 3.26.0

  • Remove upstreamed patch for (CVE-2016-1950)

  • Remove p-disable-md5-590364-reversed.patch for bug 1335915

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2017-0065.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99568);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2016-1950");

  script_name(english:"OracleVM 3.3 / 3.4 : nss / nss-util (OVMSA-2017-0065)");
  script_summary(english:"Checks the RPM output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote OracleVM host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :

nss

  - Added nss-vendor.patch to change vendor

  - Temporarily disable some tests until expired
    PayPalEE.cert is renewed

  - Rebase to 3.28.4

  - Fix crash with tstclnt -W

  - Adjust gtests to run with our old softoken and
    downstream patches

  - Avoid cipher suite ordering change, spotted by Hubert
    Kario

  - Rebase to 3.28.3

  - Remove upstreamed moz-1282627-rh-1294606.patch,
    moz-1312141-rh-1387811.patch, moz-1315936.patch, and
    moz-1318561.patch

  - Remove no longer necessary nss-duplicate-ciphers.patch

  - Disable X25519 and exclude tests using it

  - Catch failed ASN1 decoding of RSA keys, by Kamil Dudka
    (#1427481)

  - Update expired PayPalEE.cert

  - Disable unsupported test cases in ssl_gtests

  - Adjust the sslstress.txt filename so that it matches
    with the disableSSL2tests patch ported from RHEL 7

  - Exclude SHA384 and CHACHA20_POLY1305 ciphersuites from
    stress tests

  - Don't add gtests and ssl_gtests to nss_tests, unless
    gtests are enabled

  - Add patch to fix SSL CA name leaks, taken from NSS
    3.27.2 release

  - Add patch to fix bash syntax error in tests/ssl.sh

  - Add patch to remove duplicate ciphersuites entries in
    sslinfo.c

  - Add patch to abort selfserv/strsclnt/tstclnt on
    non-parsable version range

  - Build with support for SSLKEYLOGFILE

  - Update fix_multiple_open patch to fix regression in
    openldap client

  - Remove pk11_genobj_leak patch, which caused crash with
    Firefox

  - Add comment in the policy file to preserve the last
    empty line

  - Disable SHA384 ciphersuites when
    CKM_TLS12_KEY_AND_MAC_DERIVE is not provided by
    softoken  this superseds check_hash_impl patch

  - Fix problem in check_hash_impl patch

  - Add patch to check if hash algorithms are backed by a
    token

  - Add patch to disable
    TLS_ECDHE_[RSA,ECDSA]_WITH_AES_128_CBC_SHA256, which
    have never enabled in the past

  - Add upstream patch to fix a crash. Mozilla #1315936

  - Disable the use of RSA-PSS with SSL/TLS. #1390161

  - Use updated upstream patch for RH bug 1387811

  - Added upstream patches to fix RH bugs 1057388, 1294606,
    1387811

  - Enable gtests when requested

  - Rebase to NSS 3.27.1

  - Remove nss-646045.patch, which is not necessary

  - Remove p-disable-md5-590364-reversed.patch, which is
    no-op here, because the patched code is removed later in
    %setup

  - Remove disable_hw_gcm.patch, which is no-op here,
    because the patched code is removed later in %setup.
    Also remove NSS_DISABLE_HW_GCM setting, which was only
    required for RHEL 5

  - Add Bug-1001841-disable-sslv2-libssl.patch and
    Bug-1001841-disable-sslv2-tests.patch, which completedly
    disable EXPORT ciphersuites. Ported from RHEL 7

  - Remove disable-export-suites-tests.patch, which is
    covered by Bug-1001841-disable-sslv2-tests.patch

  - Remove nss-ca-2.6-enable-legacy.patch, as we decided to
    not allow 1024 legacy CA certificates

  - Remove ssl-server-min-key-sizes.patch, as we decided to
    support DH key size greater than 1023 bits

  - Remove nss-init-ss-sec-certs-null.patch, which appears
    to be no-op, as it clears memory area allocated with
    PORT_ZAlloc

  - Remove nss-disable-sslv2-libssl.patch,
    nss-disable-sslv2-tests.patch, sslauth-no-v2.patch, and
    nss-sslstress-txt-ssl3-lower-value-in-range.patch as
    SSLv2 is already disabled in upstream

  - Remove fix-nss-test-filtering.patch, which is fixed in
    upstream

  - Add nss-check-policy-file.patch from Fedora

  - Install policy config in
    /etc/pki/nss-legacy/nss-rhel6.config

nss-util

  - Rebase to NSS 3.28.4 to accommodate base64 encoding fix

  - Rebase to NSS 3.28.3

  - Package new header eccutil.h

  - Tolerate policy file without last empty line

  - Add missing source files

  - Rebase to NSS 3.26.0

  - Remove upstreamed patch for (CVE-2016-1950)

  - Remove p-disable-md5-590364-reversed.patch for bug
    1335915"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000682.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3652e035"
  );
  # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000683.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?97bdc28b"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nss-util");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"OracleVM Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"OVS3.3", reference:"nss-3.28.4-1.0.1.el6_9")) flag++;
if (rpm_check(release:"OVS3.3", reference:"nss-sysinit-3.28.4-1.0.1.el6_9")) flag++;
if (rpm_check(release:"OVS3.3", reference:"nss-tools-3.28.4-1.0.1.el6_9")) flag++;
if (rpm_check(release:"OVS3.3", reference:"nss-util-3.28.4-1.el6_9")) flag++;

if (rpm_check(release:"OVS3.4", reference:"nss-3.28.4-1.0.1.el6_9")) flag++;
if (rpm_check(release:"OVS3.4", reference:"nss-sysinit-3.28.4-1.0.1.el6_9")) flag++;
if (rpm_check(release:"OVS3.4", reference:"nss-tools-3.28.4-1.0.1.el6_9")) flag++;
if (rpm_check(release:"OVS3.4", reference:"nss-util-3.28.4-1.el6_9")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss / nss-sysinit / nss-tools / nss-util");
}
VendorProductVersionCPE
oraclevmnssp-cpe:/a:oracle:vm:nss
oraclevmnss-sysinitp-cpe:/a:oracle:vm:nss-sysinit
oraclevmnss-toolsp-cpe:/a:oracle:vm:nss-tools
oraclevmnss-utilp-cpe:/a:oracle:vm:nss-util
oraclevm_server3.3cpe:/o:oracle:vm_server:3.3
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4

Related

openvas 35
redhat 3
f5 2
ibm 7
nessus 45
cve 1
centos 2
debiancve 1
veracode 1
mageia 2
ubuntu 5
amazon 1
oraclelinux 4
prion 1
ubuntucve 1
mozilla 1
freebsd 1
googleprojectzero 1
symantec 1
debian 4
osv 3
suse 9
apple 8
kaspersky 1
gentoo 1
oracle 3
openvas
openvas
Oracle Linux Local Check: ELSA-2016-0371
2016-03-11 00:00:00
CentOS Update for nss CESA-2016:0371 centos5
2016-03-10 00:00:00
Mageia Linux Local Check: mgasa-2016-0114
2016-03-17 00:00:00
redhat
redhat
(RHSA-2016:0371) Critical: nss security update
2016-03-09 00:00:00
(RHSA-2016:0370) Critical: nss-util security update
2016-03-09 00:00:00
(RHSA-2016:0495) Critical: nss-util security update
2016-03-23 00:00:00
f5
f5
K91100352 : Mozilla NSS vulnerability CVE-2016-1950
2016-04-13 00:00:00
SOL91100352 - Mozilla NSS vulnerability CVE-2016-1950
2016-04-13 00:00:00
ibm
ibm
Security Bulletin: IBM Security Access Manager for Mobile is affected by a vulnerability in nss-util (CVE-2016-1950)
2018-06-16 21:42:32
Security Bulletin: IBM Security Access Manager for Web is affected by a vulnerability in nss-util (CVE-2016-1950)
2018-06-16 21:42:32
Security Bulletin: Nss-util vulnerabilities affect IBM SmartCloud Entry( CVE-2016-1950 )
2020-07-19 00:49:12
nessus
nessus
CentOS 5 : nss (CESA-2016:0371)
2016-03-09 00:00:00
EulerOS 2.0 SP1 : nss-util (EulerOS-SA-2016-1003)
2017-05-01 00:00:00
CentOS 6 / 7 : nss-util (CESA-2016:0370)
2016-03-09 00:00:00
cve
cve
CVE-2016-1950
2016-03-13 18:59:00
centos
centos
nss security update
2016-03-09 05:42:52
nss security update
2016-03-09 05:32:53
debiancve
debiancve
CVE-2016-1950
2016-03-13 18:59:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:10:27
mageia
mageia
Updated nss packages fix CVE-2016-1950
2016-03-16 21:07:23
Updated firefox packages fix security vulnerabilities
2016-03-10 01:57:53
ubuntu
ubuntu
NSS vulnerability
2016-03-09 00:00:00
Thunderbird vulnerabilities
2016-04-27 00:00:00
Firefox regressions
2016-04-19 00:00:00
amazon
amazon
Critical: nss-util
2016-03-10 16:30:00
oraclelinux
oraclelinux
nss-util security update
2016-03-09 00:00:00
nss security update
2016-03-09 00:00:00
nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
prion
prion
Heap overflow
2016-03-13 18:59:00
ubuntucve
ubuntucve
CVE-2016-1950
2016-03-08 00:00:00
mozilla
mozilla
Buffer overflow during ASN.1 decoding in NSS — Mozilla
2016-03-08 00:00:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-03-08 00:00:00
googleprojectzero
googleprojectzero
CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability
2022-04-07 00:00:00
symantec
symantec
SA119 : Multiple NSS Vulnerabilities
2016-03-22 08:00:00
debian
debian
[SECURITY] [DLA 480-1] nss security update
2016-05-18 18:34:37
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
[SECURITY] [DSA 3520-1] icedove security update
2016-03-18 21:06:06
osv
osv
nss - security update
2016-05-18 00:00:00
nss - security update
2016-10-05 00:00:00
iceweasel - security update
2016-03-09 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-06-11 22:07:57
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2016-03-11 20:11:56
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2016-03-15 19:12:14
apple
apple
About the security content of tvOS 9.2
2016-03-21 00:00:00
About the security content of tvOS 9.2 - Apple Support
2017-01-23 03:54:34
About the security content of watchOS 2.2 - Apple Support
2017-01-23 03:54:34
kaspersky
kaspersky
KLA10765 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-03-08 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
JSON
Related for ORACLEVM_OVMSA-2017-0065.NASL
openvas35redhat3f52ibm7nessus45cve1centos2debiancve1veracode1mageia2ubuntu5amazon1oraclelinux4prion1ubuntucve1mozilla1freebsd1googleprojectzero1symantec1debian4osv3suse9apple8kaspersky1gentoo1oracle3