RHEL 6 : nss, nss-util, and nspr (RHSA-2016:0591)

2016-04-0700:00:00

www.tenable.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.077 Low

EPSS

Percentile

94.2%

JSON

An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a newer upstream version:
nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861)

Security Fix(es) :

A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)
A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:0591. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(90386);
  script_version("2.12");
  script_cvs_date("Date: 2019/10/24 15:35:41");

  script_cve_id("CVE-2016-1978", "CVE-2016-1979");
  script_xref(name:"RHSA", value:"2016:0591");

  script_name(english:"RHEL 6 : nss, nss-util, and nspr (RHSA-2016:0591)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for nss, nss-util, and nspr is now available for Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to
support the cross-platform development of security-enabled client and
server applications. The nss-util packages provide utilities for use
with the Network Security Services (NSS) libraries. Netscape Portable
Runtime (NSPR) provides platform independence for non-GUI operating
system facilities.

The following packages have been upgraded to a newer upstream version:
nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874,
BZ#1299861)

Security Fix(es) :

* A use-after-free flaw was found in the way NSS handled DHE
(Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman
key exchange) handshake messages. A remote attacker could send a
specially crafted handshake message that, when parsed by an
application linked against NSS, would cause that application to crash
or, under certain special conditions, execute arbitrary code using the
permissions of the user running the application. (CVE-2016-1978)

* A use-after-free flaw was found in the way NSS processed certain DER
(Distinguished Encoding Rules) encoded cryptographic keys. An attacker
could use this flaw to create a specially crafted DER encoded
certificate which, when parsed by an application compiled against the
NSS library, could cause that application to crash, or execute
arbitrary code using the permissions of the user running the
application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla Project for reporting these
issues. Upstream acknowledges Eric Rescorla as the original reporter
of CVE-2016-1978; and Tim Taubert as the original reporter of
CVE-2016-1979."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:0591"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-1979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-1978"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-util-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:0591";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"nspr-4.11.0-0.1.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nspr-debuginfo-4.11.0-0.1.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nspr-devel-4.11.0-0.1.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nss-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nss-debuginfo-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nss-devel-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nss-pkcs11-devel-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"nss-sysinit-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"nss-sysinit-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nss-sysinit-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"nss-tools-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"nss-tools-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nss-tools-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nss-util-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nss-util-debuginfo-3.21.0-0.3.el6_7")) flag++;

  if (rpm_check(release:"RHEL6", reference:"nss-util-devel-3.21.0-0.3.el6_7")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-debuginfo / nspr-devel / nss / nss-debuginfo / etc");
  }
}

VendorProductVersionCPE
redhatenterprise_linuxnsprp-cpe:/a:redhat:enterprise_linux:nspr
redhatenterprise_linuxnspr-debuginfop-cpe:/a:redhat:enterprise_linux:nspr-debuginfo
redhatenterprise_linuxnspr-develp-cpe:/a:redhat:enterprise_linux:nspr-devel
redhatenterprise_linuxnssp-cpe:/a:redhat:enterprise_linux:nss
redhatenterprise_linuxnss-debuginfop-cpe:/a:redhat:enterprise_linux:nss-debuginfo
redhatenterprise_linuxnss-develp-cpe:/a:redhat:enterprise_linux:nss-devel
redhatenterprise_linuxnss-pkcs11-develp-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel
redhatenterprise_linuxnss-sysinitp-cpe:/a:redhat:enterprise_linux:nss-sysinit
redhatenterprise_linuxnss-toolsp-cpe:/a:redhat:enterprise_linux:nss-tools
redhatenterprise_linuxnss-utilp-cpe:/a:redhat:enterprise_linux:nss-util

Vendor	Product	Version	CPE
redhat	enterprise_linux	nspr	p-cpe:/a:redhat:enterprise_linux:nspr
redhat	enterprise_linux	nspr-debuginfo	p-cpe:/a:redhat:enterprise_linux:nspr-debuginfo
redhat	enterprise_linux	nspr-devel	p-cpe:/a:redhat:enterprise_linux:nspr-devel
redhat	enterprise_linux	nss	p-cpe:/a:redhat:enterprise_linux:nss
redhat	enterprise_linux	nss-debuginfo	p-cpe:/a:redhat:enterprise_linux:nss-debuginfo
redhat	enterprise_linux	nss-devel	p-cpe:/a:redhat:enterprise_linux:nss-devel
redhat	enterprise_linux	nss-pkcs11-devel	p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel
redhat	enterprise_linux	nss-sysinit	p-cpe:/a:redhat:enterprise_linux:nss-sysinit
redhat	enterprise_linux	nss-tools	p-cpe:/a:redhat:enterprise_linux:nss-tools
redhat	enterprise_linux	nss-util	p-cpe:/a:redhat:enterprise_linux:nss-util