Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2903-1.NASL
HistoryFeb 18, 2016 - 12:00 a.m.

Ubuntu 14.04 LTS : NSS vulnerability (USN-2903-1)

2016-02-1800:00:00
Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

Hanno Bock discovered that NSS incorrectly handled certain division functions, possibly leading to cryptographic weaknesses.
(CVE-2015-1938)

This update also refreshes the NSS package to version 3.21 which includes the latest CA certificate bundle, and removes the SPI CA.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2903-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(88838);
  script_version("2.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");

  script_cve_id("CVE-2016-1938");
  script_xref(name:"USN", value:"2903-1");

  script_name(english:"Ubuntu 14.04 LTS : NSS vulnerability (USN-2903-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Hanno Bock discovered that NSS incorrectly handled certain division
functions, possibly leading to cryptographic weaknesses.
(CVE-2015-1938)

This update also refreshes the NSS package to version 3.21 which
includes the latest CA certificate bundle, and removes the SPI CA.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2903-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1938");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-1d");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-nssdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'libnss3', 'pkgver': '2:3.21-0ubuntu0.14.04.1'},
    {'osver': '14.04', 'pkgname': 'libnss3-1d', 'pkgver': '2:3.21-0ubuntu0.14.04.1'},
    {'osver': '14.04', 'pkgname': 'libnss3-dev', 'pkgver': '2:3.21-0ubuntu0.14.04.1'},
    {'osver': '14.04', 'pkgname': 'libnss3-nssdb', 'pkgver': '2:3.21-0ubuntu0.14.04.1'},
    {'osver': '14.04', 'pkgname': 'libnss3-tools', 'pkgver': '2:3.21-0ubuntu0.14.04.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnss3 / libnss3-1d / libnss3-dev / libnss3-nssdb / libnss3-tools');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibnss3p-cpe:/a:canonical:ubuntu_linux:libnss3
canonicalubuntu_linuxlibnss3-1dp-cpe:/a:canonical:ubuntu_linux:libnss3-1d
canonicalubuntu_linuxlibnss3-devp-cpe:/a:canonical:ubuntu_linux:libnss3-dev
canonicalubuntu_linuxlibnss3-nssdbp-cpe:/a:canonical:ubuntu_linux:libnss3-nssdb
canonicalubuntu_linuxlibnss3-toolsp-cpe:/a:canonical:ubuntu_linux:libnss3-tools
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Related

checkpoint_advisories 1
zdi 1
prion 3
openvas 19
ubuntu 5
nessus 20
osv 3
mozilla 1
debian 3
cve 3
ubuntucve 1
debiancve 1
freebsd 1
suse 4
gentoo 2
kaspersky 1
ibm 2
oracle 1
checkpoint_advisories
checkpoint_advisories
IBM Tivoli Storage Manager FastBack Server Opcode 1331 lza32 Command Injection (CVE-2015-1938)
2015-11-01 00:00:00
zdi
zdi
IBM Tivoli Storage Manager FastBack Server Opcode 1331 lza32 Command Injection Remote Code Execution Vulnerability
2015-06-30 00:00:00
prion
prion
Code injection
2016-01-31 18:59:00
Design/Logic Flaw
2015-06-30 15:59:00
Design/Logic Flaw
2015-06-30 15:59:00
openvas
openvas
Ubuntu: Security Advisory (USN-2903-1)
2016-02-18 00:00:00
Debian: Security Advisory (DLA-427-1)
2023-03-08 00:00:00
Mozilla Firefox Security Advisory (MFSA2016-07) - Linux
2021-11-08 00:00:00
ubuntu
ubuntu
NSS vulnerability
2016-02-17 00:00:00
NSS regression
2016-02-23 00:00:00
Thunderbird vulnerabilities
2016-05-19 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : nss regression (USN-2903-2)
2016-02-24 00:00:00
Debian DLA-427-1 : nss security update
2016-02-25 00:00:00
FreeBSD : NSS -- multiple vulnerabilities (75091516-6f4b-4059-9884-6727023dc366)
2016-03-09 00:00:00
osv
osv
nss - security update
2016-02-24 00:00:00
nss - security update
2016-05-18 00:00:00
nss - security update
2016-10-05 00:00:00
mozilla
mozilla
Errors in mp_div and mp_exptmod cryptographic functions in NSS — Mozilla
2016-01-26 00:00:00
debian
debian
[SECURITY] [DLA 427-1] nss security update
2016-02-24 06:59:57
[SECURITY] [DLA 480-1] nss security update
2016-05-18 18:34:37
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
cve
cve
CVE-2016-1938
2016-01-31 18:59:00
CVE-2015-1938
2015-06-30 15:59:00
CVE-2015-1986
2015-06-30 15:59:00
ubuntucve
ubuntucve
CVE-2016-1938
2016-01-26 00:00:00
debiancve
debiancve
CVE-2016-1938
2016-01-31 18:59:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-01-26 00:00:00
suse
suse
Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss (important)
2016-02-04 19:11:54
Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (important)
2016-02-04 19:16:05
Security update for the MozillaFirefox, mozilla-nss and mozilla-nspr (important)
2016-02-02 02:12:22
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-01-19 00:00:00
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
kaspersky
kaspersky
KLA10748 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2016-01-26 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack
2022-08-19 23:26:06
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
JSON
Related for UBUNTU_USN-2903-1.NASL
checkpoint_advisories1zdi1prion3openvas19ubuntu5nessus20osv3mozilla1debian3cve3ubuntucve1debiancve1freebsd1suse4gentoo2kaspersky1ibm2oracle1