Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_NSS-201112-111220.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)

2014-06-1300:00:00
This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

The Mozilla NSS libraries were updated to version 3.13.1 to fix various bugs and security problems.

Following security issues were fixed :

  • SSL 2.0 is disabled by default

  • A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.
    bnc#

  • SHA-224 is supported

  • NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096) (CVE-2011-3640)

Also following bugs were fixed :

  • fix spec file syntax for qemu-workaround

  • Added a patch to fix errors in the pkcs11n.h header file. (bmo#702090)

  • better SHA-224 support (bmo#647706)

  • SHA-224 is supported

  • Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code

  • Added NSS_GetVersion to return the NSS version string

  • Added experimental support of RSA-PSS to the softoken only

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update nss-201112-5564.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75685);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id("CVE-2011-3389", "CVE-2011-3640");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The Mozilla NSS libraries were updated to version 3.13.1 to fix
various bugs and security problems.

Following security issues were fixed :

  - SSL 2.0 is disabled by default

  - A defense against the SSL 3.0 and TLS 1.0 CBC chosen
    plaintext attack demonstrated by Rizzo and Duong
    (CVE-2011-3389) is enabled by default. Set the
    SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.
    bnc#

  - SHA-224 is supported

  - NSS_NoDB_Init does not try to open /pkcs11.txt and
    /secmod.db anymore (bmo#641052, bnc#726096)
    (CVE-2011-3640)

Also following bugs were fixed :

  - fix spec file syntax for qemu-workaround

  - Added a patch to fix errors in the pkcs11n.h header
    file. (bmo#702090)

  - better SHA-224 support (bmo#647706)

  - SHA-224 is supported

  - Added PORT_ErrorToString and PORT_ErrorToName to return
    the error message and symbolic name of an NSS error code

  - Added NSS_GetVersion to return the NSS version string

  - Added experimental support of RSA-PSS to the softoken
    only");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=726096");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-01/msg00009.html");
  script_set_attribute(attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-01/msg00021.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected nss-201112 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreebl3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsoftokn3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"libfreebl3-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"libsoftokn3-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-certs-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-devel-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-sysinit-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"mozilla-nss-tools-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libfreebl3-32bit-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"libsoftokn3-32bit-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-nss-32bit-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-nss-certs-32bit-3.13.1-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"mozilla-nss-sysinit-32bit-3.13.1-0.2.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mozilla-nss");
}
VendorProductVersionCPE
novellopensuselibfreebl3p-cpe:/a:novell:opensuse:libfreebl3
novellopensuselibfreebl3-32bitp-cpe:/a:novell:opensuse:libfreebl3-32bit
novellopensuselibsoftokn3p-cpe:/a:novell:opensuse:libsoftokn3
novellopensuselibsoftokn3-32bitp-cpe:/a:novell:opensuse:libsoftokn3-32bit
novellopensusemozilla-nssp-cpe:/a:novell:opensuse:mozilla-nss
novellopensusemozilla-nss-32bitp-cpe:/a:novell:opensuse:mozilla-nss-32bit
novellopensusemozilla-nss-certsp-cpe:/a:novell:opensuse:mozilla-nss-certs
novellopensusemozilla-nss-certs-32bitp-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit
novellopensusemozilla-nss-develp-cpe:/a:novell:opensuse:mozilla-nss-devel
novellopensusemozilla-nss-sysinitp-cpe:/a:novell:opensuse:mozilla-nss-sysinit
Rows per page:
1-10 of 131

Related

nessus 39
fedora 24
checkpoint_security 1
openvas 78
ibm 9
cert 1
debian 7
prion 2
veracode 2
mskb 1
debiancve 2
checkpoint_advisories 2
seebug 2
ics 2
cve 3
osv 5
securityvulns 11
ubuntucve 2
freebsd 2
rubygems 1
f5 2
rapid7blog 1
nessus
nessus
openSUSE Security Update : nss-201112 (openSUSE-SU-2012:0030-1) (BEAST)
2014-06-13 00:00:00
Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)
2014-02-07 00:00:00
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)
2012-04-16 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: nss-util-3.13.1-3.fc15
2012-01-22 05:26:28
[SECURITY] Fedora 15 Update: xulrunner-9.0.1-1.fc15
2012-01-22 05:26:29
[SECURITY] Fedora 15 Update: nspr-4.8.9-2.fc15
2012-01-22 05:26:29
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
openvas
openvas
Fedora Update for thunderbird-lightning FEDORA-2011-17399
2012-01-23 00:00:00
Fedora Update for firefox FEDORA-2011-17399
2012-01-23 00:00:00
Fedora Update for firefox FEDORA-2011-17400
2012-04-02 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)
2018-06-18 00:09:28
Security Bulletin: IBM System x and Flex Systems Browser Exploit Against SSL/TLS (BEAST) Mitigations (CVE-2011-3389)
2022-05-16 16:03:13
Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)
2023-03-29 01:48:02
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
debian
debian
[SECURITY] [DSA 2339-1] nss security update
2011-11-07 17:45:35
[BSA-057] Security update for nss
2011-11-15 07:23:14
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
prion
prion
Session fixation
2011-09-06 19:55:00
Design/Logic Flaw
2011-10-28 02:49:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
mskb
mskb
MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012
2012-01-10 00:00:00
debiancve
debiancve
CVE-2011-3389
2011-09-06 19:55:00
CVE-2011-3640
2011-10-28 02:49:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)
2012-01-10 00:00:00
Web Servers SSL Flooding Denial of Service (CVE-2011-3389)
2011-11-06 00:00:00
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apple XCode 4.x 信息泄露漏洞
2012-07-27 00:00:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
Siemens SIMATIC RF6XXR
2019-07-11 12:00:00
cve
cve
CVE-2011-3389
2011-09-06 19:55:00
CVE-2011-3640
2011-10-28 02:49:00
CVE-2004-2770
2011-09-25 10:55:00
osv
osv
nss - several
2011-11-07 00:00:00
curl - several
2012-03-31 00:00:00
lighttpd - several
2011-12-20 00:00:00
securityvulns
securityvulns
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST &#40;Browser Exploit Against SSL/TLS&#41; attacks
2014-05-05 00:00:00
ESA-2012-032: RSA BSAFE&#40;r&#41; Micro Edition Suite Security Update for BEAST &#40;Browser Exploit Against SSL/TLS&#41; attacks
2012-10-29 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
ubuntucve
ubuntucve
CVE-2011-3640
2011-10-28 00:00:00
CVE-2011-3389
2011-11-16 00:00:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
asterisk -- Multiple vulnerabilities
2016-02-03 00:00:00
rubygems
rubygems
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
2011-08-31 00:00:00
f5
f5
SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
2012-03-06 00:00:00
K13400 : SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
2015-06-16 00:00:00
rapid7blog
rapid7blog
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
2021-09-01 13:11:33
JSON
Related for SUSE_11_3_NSS-201112-111220.NASL
nessus39fedora24checkpoint_security1openvas78ibm9cert1debian7prion2veracode2mskb1debiancve2checkpoint_advisories2seebug2ics2cve3osv5securityvulns11ubuntucve2freebsd2rubygems1f52rapid7blog1