Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_LIBFREEBL3-100930.NASLHistoryJun 13, 2014 - 12:00 a.m.
openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0904-1)
2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla NSPR Library was updated to 4.8.6 to fix various bugs and one security issue.
CVE-2010-3170: Disallow wildcard matching in X509 certificate Common Names.
This update also has preparations for Firefox 4 support, and a updated Root Certificate Authority list.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update libfreebl3-3241.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(75574);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-3170");
script_name(english:"openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0904-1)");
script_summary(english:"Check for the libfreebl3-3241 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla
NSPR Library was updated to 4.8.6 to fix various bugs and one security
issue.
CVE-2010-3170: Disallow wildcard matching in X509 certificate Common
Names.
This update also has preparations for Firefox 4 support, and a updated
Root Certificate Authority list."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=637290"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2010-10/msg00035.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libfreebl3 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nspr-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
script_set_attribute(attribute:"patch_publication_date", value:"2010/09/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.3", reference:"libfreebl3-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libsoftokn3-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nspr-4.8.6-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nspr-devel-4.8.6-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-certs-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-devel-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-sysinit-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-tools-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-nspr-32bit-4.8.6-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.12.8-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.12.8-1.1.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-nss");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libfreebl3 | p-cpe:/a:novell:opensuse:libfreebl3 |
| novell | opensuse | libfreebl3-32bit | p-cpe:/a:novell:opensuse:libfreebl3-32bit |
| novell | opensuse | libsoftokn3 | p-cpe:/a:novell:opensuse:libsoftokn3 |
| novell | opensuse | libsoftokn3-32bit | p-cpe:/a:novell:opensuse:libsoftokn3-32bit |
| novell | opensuse | mozilla-nspr | p-cpe:/a:novell:opensuse:mozilla-nspr |
| novell | opensuse | mozilla-nspr-32bit | p-cpe:/a:novell:opensuse:mozilla-nspr-32bit |
| novell | opensuse | mozilla-nspr-devel | p-cpe:/a:novell:opensuse:mozilla-nspr-devel |
| novell | opensuse | mozilla-nss | p-cpe:/a:novell:opensuse:mozilla-nss |
| novell | opensuse | mozilla-nss-32bit | p-cpe:/a:novell:opensuse:mozilla-nss-32bit |
| novell | opensuse | mozilla-nss-certs | p-cpe:/a:novell:opensuse:mozilla-nss-certs |
Related
openvas
openvas
Fedora Update for nss-softokn FEDORA-2010-15897
2010-12-02 00:00:00
Fedora Update for nss-softokn FEDORA-2010-15989
2010-11-16 00:00:00
Fedora Update for nss-util FEDORA-2010-15989
2010-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: nss-3.12.8-2.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 14 Update: nss-softokn-3.12.8-1.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 13 Update: nss-3.12.8-2.fc13
2010-10-27 22:30:59
oraclelinux
oraclelinux
nss security update
2011-02-11 00:00:00
seamonkey security update
2010-10-20 00:00:00
firefox security update
2010-10-20 00:00:00
nessus
nessus
Fedora 14 : nss-3.12.8-2.fc14 / nss-softokn-3.12.8-1.fc14 / nss-util-3.12.8-1.fc14 (2010-15897)
2010-10-29 00:00:00
Fedora 12 : nss-3.12.8-2.fc12 / nss-softokn-3.12.8-1.fc12 / nss-util-3.12.8-1.fc12 (2010-15989)
2010-11-05 00:00:00
Scientific Linux Security Update : nss on SL6.x i386/x86_64
2012-08-01 00:00:00
debiancve
debiancve
CVE-2010-3170
2010-10-21 19:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-70
2010-10-23 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:53:00
redhat
redhat
(RHSA-2010:0862) Low: nss security update
2010-11-10 00:00:00
(RHSA-2010:0781) Critical: seamonkey security update
2010-10-19 00:00:00
(RHSA-2010:0782) Critical: firefox security update
2010-10-19 00:00:00
cve
cve
CVE-2010-3170
2010-10-21 19:00:00
prion
prion
Design/Logic Flaw
2010-10-21 19:00:00
ubuntucve
ubuntucve
CVE-2010-3170
2010-10-20 00:00:00
mozilla
mozilla
SSL wildcard certificate matching IP addresses — Mozilla
2010-10-19 00:00:00
osv
osv
nss - cryptographic weaknesses
2010-11-01 00:00:00
debian
debian
[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
2010-11-01 19:45:41
BSA-009 Security Update for nss
2010-11-02 19:04:18
BSA-009 Security Update for nss
2010-11-02 15:06:03
ubuntu
ubuntu
NSS vulnerabilities
2010-10-20 00:00:00
centos
centos
seamonkey security update
2010-10-25 12:12:58
firefox, nss, xulrunner security update
2010-10-20 14:29:05
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-10-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
vmware
vmware
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
Related for SUSE_11_3_LIBFREEBL3-100930.NASL