Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 Tenable Network Security, Inc.SUSE_11_MOZILLA-NSS-201310-131029.NASL
HistoryNov 17, 2013 - 12:00 a.m.

SuSE 11.2 Security Update : Mozilla NSS (SAT Patch Number 8484)

2013-11-1700:00:00
This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various features and bugfixes :

The main feature is TLS 1.2 support and its dependent algorithms.

  • Support for AES-GCM ciphersuites that use the SHA-256 PRF

  • MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs

  • Add PK11_CipherFinal macro

  • sizeof() used incorrectly

  • nssutil_ReadSecmodDB() leaks memory

  • Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.

  • Deprecate the SSL cipher policy code

  • Avoid uninitialized data read in the event of a decryption failure. (CVE-2013-1739) Changes coming with version 3.15.1 :

  • TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations: The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1. AES GCM cipher suites are not yet supported.

  • some bugfixes and improvements Changes with version 3.15

  • New Functionality

  • Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);

  • Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.

  • Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.

  • certutil has been updated to support creating name constraints extensions.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70937);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-1739");

  script_name(english:"SuSE 11.2 Security Update : Mozilla NSS (SAT Patch Number 8484)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mozilla NSS has been updated to 3.15.2 (bnc#847708) bringing various
features and bugfixes :

The main feature is TLS 1.2 support and its dependent algorithms.

  - Support for AES-GCM ciphersuites that use the SHA-256
    PRF

  - MD2, MD4, and MD5 signatures are no longer accepted for
    OCSP or CRLs

  - Add PK11_CipherFinal macro

  - sizeof() used incorrectly

  - nssutil_ReadSecmodDB() leaks memory

  - Allow SSL_HandshakeNegotiatedExtension to be called
    before the handshake is finished.

  - Deprecate the SSL cipher policy code

  - Avoid uninitialized data read in the event of a
    decryption failure. (CVE-2013-1739) Changes coming with
    version 3.15.1 :

  - TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher
    suites (RFC 5246 and RFC 5289) are supported, allowing
    TLS to be used without MD5 and SHA-1. Note the following
    limitations: The hash function used in the signature for
    TLS 1.2 client authentication must be the hash function
    of the TLS 1.2 PRF, which is always SHA-256 in NSS
    3.15.1. AES GCM cipher suites are not yet supported.

  - some bugfixes and improvements Changes with version 3.15

  - New Functionality

  - Support for OCSP Stapling (RFC 6066, Certificate Status
    Request) has been added for both client and server
    sockets. TLS client applications may enable this via a
    call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING,
    PR_TRUE);

  - Added function SECITEM_ReallocItemV2. It replaces
    function SECITEM_ReallocItem, which is now declared as
    obsolete.

  - Support for single-operation (eg: not multi-part)
    symmetric key encryption and decryption, via
    PK11_Encrypt and PK11_Decrypt.

  - certutil has been updated to support creating name
    constraints extensions."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=847708"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1739.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 8484.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");


flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libfreebl3-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"libfreebl3-32bit-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nspr-4.10.1-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.1-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"mozilla-nss-tools-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libfreebl3-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"libfreebl3-32bit-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nspr-4.10.1-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nspr-32bit-4.10.1-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nss-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nss-32bit-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"mozilla-nss-tools-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libfreebl3-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"libfreebl3-32bit-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nspr-4.10.1-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.10.1-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nss-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nss-32bit-3.15.2-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"mozilla-nss-tools-3.15.2-0.3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libfreebl3
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nspr
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nspr-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nss
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

nessus 46
debian 3
cve 1
securityvulns 3
prion 1
openvas 29
cvelist 1
debiancve 1
ubuntucve 1
veracode 4
ubuntu 3
mozilla 1
oraclelinux 2
centos 2
amazon 2
redhat 3
gentoo 1
mageia 1
suse 1
freebsd 1
oracle 4
nessus
nessus
Debian DSA-2790-1 : nss - uninitialized memory read
2013-11-04 00:00:00
SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)
2013-11-17 00:00:00
Mandriva Linux Security Advisory : nss (MDVSA-2013:257)
2013-10-24 00:00:00
debian
debian
[SECURITY] [DSA 2790-1] nss security update
2013-11-02 06:11:59
[SECURITY] [DSA 2790-1] nss security update
2013-11-02 06:11:39
[BSA-091] Security Update for nss
2014-02-11 15:24:46
cve
cve
CVE-2013-1739
2013-10-22 22:55:00
securityvulns
securityvulns
Mozilla nss uninitialized memory dereference
2013-10-28 00:00:00
[ MDVSA-2013:257 ] nss
2013-10-28 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2013-11-05 00:00:00
prion
prion
Design/Logic Flaw
2013-10-22 22:55:00
openvas
openvas
Debian: Security Advisory (DSA-2790-1)
2013-11-01 00:00:00
Debian Security Advisory DSA 2790-1 (nss - uninitialized memory read)
2013-11-02 00:00:00
Ubuntu: Security Advisory (USN-2030-1)
2013-11-21 00:00:00
cvelist
cvelist
CVE-2013-1739
2013-10-22 22:00:00
debiancve
debiancve
CVE-2013-1739
2013-10-22 22:55:00
ubuntucve
ubuntucve
CVE-2013-1739
2013-10-16 00:00:00
veracode
veracode
Denial Of Service
2019-01-15 08:52:48
Denial Of Service (DoS)
2019-05-02 05:00:20
Authentication Bypass
2019-05-02 05:00:22
ubuntu
ubuntu
NSS vulnerabilities
2013-11-18 00:00:00
Thunderbird vulnerabilities
2013-10-31 00:00:00
Firefox vulnerabilities
2013-10-29 00:00:00
mozilla
mozilla
Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10) — Mozilla
2013-10-29 00:00:00
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
nss, nspr, and nss-util security update
2013-12-12 00:00:00
centos
centos
nspr, nss security update
2013-12-13 00:04:31
nspr, nss security update
2013-12-05 17:45:58
amazon
amazon
Important: nss
2013-12-17 21:31:00
Important: nspr
2013-12-17 21:31:00
redhat
redhat
(RHSA-2013:1829) Important: nss, nspr, and nss-util security update
2013-12-12 00:00:00
(RHSA-2013:1791) Important: nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
(RHSA-2014:0041) Important: rhev-hypervisor6 security update
2014-01-21 00:00:00
gentoo
gentoo
Mozilla Network Security Service: Multiple vulnerabilities
2014-06-21 00:00:00
mageia
mageia
Updated firefox & related packages fix multiple security vulnerabilities
2013-11-09 22:55:13
suse
suse
Security update for Mozilla Firefox (important)
2013-11-15 03:04:14
freebsd
freebsd
mozilla -- multiple vulnerabilities
2013-10-29 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00
JSON
Related for SUSE_11_MOZILLA-NSS-201310-131029.NASL
nessus46debian3cve1securityvulns3prion1openvas29cvelist1debiancve1ubuntucve1veracode4ubuntu3mozilla1oraclelinux2centos2amazon2redhat3gentoo1mageia1suse1freebsd1oracle4