Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_MOZILLA-NSPR-7196.NASL
HistoryNov 05, 2010 - 12:00 a.m.

SuSE 10 Security Update : Mozilla (ZYPP Patch Number 7196)

2010-11-0500:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
20
JSON

The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla NSPR Library was updated to 4.8.6 to fix various bugs and one security issue :

  • Disallow wildcard matching in X509 certificate Common Names. (CVE-2010-3170)

This update also has preparations for Firefox 4 support, and a updated Root Certificate Authority list.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(50489);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-3170");

  script_name(english:"SuSE 10 Security Update : Mozilla (ZYPP Patch Number 7196)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 10 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla
NSPR Library was updated to 4.8.6 to fix various bugs and one security
issue :

  - Disallow wildcard matching in X509 certificate Common
    Names. (CVE-2010-3170)

This update also has preparations for Firefox 4 support, and a updated
Root Certificate Authority list."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-3170.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7196.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-nspr-4.8.6-1.6.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-nspr-devel-4.8.6-1.6.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-nss-3.12.8-1.4.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-nss-devel-3.12.8-1.4.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, reference:"mozilla-nss-tools-3.12.8-1.4.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.8.6-1.6.1")) flag++;
if (rpm_check(release:"SLED10", sp:3, cpu:"x86_64", reference:"mozilla-nss-32bit-3.12.8-1.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-nspr-4.8.6-1.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-nspr-devel-4.8.6-1.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-nss-3.12.8-1.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-nss-devel-3.12.8-1.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, reference:"mozilla-nss-tools-3.12.8-1.4.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-nspr-32bit-4.8.6-1.6.1")) flag++;
if (rpm_check(release:"SLES10", sp:3, cpu:"x86_64", reference:"mozilla-nss-32bit-3.12.8-1.4.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");
VendorProductVersionCPE
susesuse_linuxcpe:/o:suse:suse_linux

Related

fedora 9
openvas 47
nessus 46
debiancve 1
oraclelinux 3
veracode 1
securityvulns 2
prion 1
mozilla 1
ubuntucve 1
redhat 3
cve 1
debian 3
osv 1
ubuntu 1
centos 2
freebsd 1
suse 2
vmware 2
gentoo 1
fedora
fedora
[SECURITY] Fedora 13 Update: nss-3.12.8-2.fc13
2010-10-27 22:30:59
[SECURITY] Fedora 14 Update: nss-3.12.8-2.fc14
2010-10-28 05:48:31
[SECURITY] Fedora 14 Update: nss-softokn-3.12.8-1.fc14
2010-10-28 05:48:31
openvas
openvas
Fedora Update for nss-softokn FEDORA-2010-15520
2010-11-04 00:00:00
Oracle: Security Advisory (ELSA-2010-0862)
2015-10-06 00:00:00
Fedora Update for nss-softokn FEDORA-2010-15897
2010-12-02 00:00:00
nessus
nessus
Fedora 14 : nss-3.12.8-2.fc14 / nss-softokn-3.12.8-1.fc14 / nss-util-3.12.8-1.fc14 (2010-15897)
2010-10-29 00:00:00
Fedora 12 : nss-3.12.8-2.fc12 / nss-softokn-3.12.8-1.fc12 / nss-util-3.12.8-1.fc12 (2010-15989)
2010-11-05 00:00:00
Scientific Linux Security Update : nss on SL6.x i386/x86_64
2012-08-01 00:00:00
debiancve
debiancve
CVE-2010-3170
2010-10-21 19:00:00
oraclelinux
oraclelinux
nss security update
2011-02-11 00:00:00
seamonkey security update
2010-10-20 00:00:00
firefox security update
2010-10-20 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:53:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-70
2010-10-23 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey / NSS multiple security vulnerabilities
2010-10-23 00:00:00
prion
prion
Design/Logic Flaw
2010-10-21 19:00:00
mozilla
mozilla
SSL wildcard certificate matching IP addresses — Mozilla
2010-10-19 00:00:00
ubuntucve
ubuntucve
CVE-2010-3170
2010-10-20 00:00:00
redhat
redhat
(RHSA-2010:0862) Low: nss security update
2010-11-10 00:00:00
(RHSA-2010:0781) Critical: seamonkey security update
2010-10-19 00:00:00
(RHSA-2010:0782) Critical: firefox security update
2010-10-19 00:00:00
cve
cve
CVE-2010-3170
2010-10-21 19:00:00
debian
debian
[SECURITY] [DSA 2123-1] New NSS packages fix cryptographic weaknesses
2010-11-01 19:45:41
BSA-009 Security Update for nss
2010-11-02 19:04:18
BSA-009 Security Update for nss
2010-11-02 15:06:03
osv
osv
nss - cryptographic weaknesses
2010-11-01 00:00:00
ubuntu
ubuntu
NSS vulnerabilities
2010-10-20 00:00:00
centos
centos
seamonkey security update
2010-10-25 12:12:58
firefox, nss, xulrunner security update
2010-10-20 14:29:05
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-10-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
vmware
vmware
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-10-27 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
JSON
Related for SUSE_MOZILLA-NSPR-7196.NASL
fedora9openvas47nessus46debiancve1oraclelinux3veracode1securityvulns2prion1mozilla1ubuntucve1redhat3cve1debian3osv1ubuntu1centos2freebsd1suse2vmware2gentoo1