Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3163-1.NASL
HistoryJan 05, 2017 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3163-1)

2017-01-0500:00:00
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
54
JSON

It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5285)

Hubert Kario discovered that NSS incorrectly handled Diffie Hellman client key exchanges. A remote attacker could possibly use this flaw to perform a small subgroup confinement attack and recover private keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-8635)

Franziskus Kiefer discovered that NSS incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys. (CVE-2016-9074)

This update refreshes the NSS package to version 3.26.2 which includes the latest CA certificate bundle.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3163-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(96304);
  script_version("3.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2016-5285", "CVE-2016-8635", "CVE-2016-9074");
  script_xref(name:"USN", value:"3163-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3163-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that NSS incorrectly handled certain invalid
Diffie-Hellman keys. A remote attacker could possibly use this flaw to
cause NSS to crash, resulting in a denial of service. This issue only
applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2016-5285)

Hubert Kario discovered that NSS incorrectly handled Diffie Hellman
client key exchanges. A remote attacker could possibly use this flaw
to perform a small subgroup confinement attack and recover private
keys. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2016-8635)

Franziskus Kiefer discovered that NSS incorrectly mitigated certain
timing side-channel attacks. A remote attacker could possibly use this
flaw to recover private keys. (CVE-2016-9074)

This update refreshes the NSS package to version 3.26.2 which includes
the latest CA certificate bundle.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3163-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9074");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-1d");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-nssdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'libnss3', 'pkgver': '2:3.26.2-0ubuntu0.14.04.3'},
    {'osver': '14.04', 'pkgname': 'libnss3-1d', 'pkgver': '2:3.26.2-0ubuntu0.14.04.3'},
    {'osver': '14.04', 'pkgname': 'libnss3-dev', 'pkgver': '2:3.26.2-0ubuntu0.14.04.3'},
    {'osver': '14.04', 'pkgname': 'libnss3-nssdb', 'pkgver': '2:3.26.2-0ubuntu0.14.04.3'},
    {'osver': '14.04', 'pkgname': 'libnss3-tools', 'pkgver': '2:3.26.2-0ubuntu0.14.04.3'},
    {'osver': '16.04', 'pkgname': 'libnss3', 'pkgver': '2:3.26.2-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'libnss3-1d', 'pkgver': '2:3.26.2-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'libnss3-dev', 'pkgver': '2:3.26.2-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'libnss3-nssdb', 'pkgver': '2:3.26.2-0ubuntu0.16.04.2'},
    {'osver': '16.04', 'pkgname': 'libnss3-tools', 'pkgver': '2:3.26.2-0ubuntu0.16.04.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnss3 / libnss3-1d / libnss3-dev / libnss3-nssdb / libnss3-tools');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibnss3p-cpe:/a:canonical:ubuntu_linux:libnss3
canonicalubuntu_linuxlibnss3-1dp-cpe:/a:canonical:ubuntu_linux:libnss3-1d
canonicalubuntu_linuxlibnss3-devp-cpe:/a:canonical:ubuntu_linux:libnss3-dev
canonicalubuntu_linuxlibnss3-nssdbp-cpe:/a:canonical:ubuntu_linux:libnss3-nssdb
canonicalubuntu_linuxlibnss3-toolsp-cpe:/a:canonical:ubuntu_linux:libnss3-tools
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts

Related

ubuntu 1
openvas 18
nessus 26
redhat 1
ibm 14
amazon 1
centos 1
symantec 1
gentoo 2
oraclelinux 1
veracode 2
prion 3
redhatcve 3
ubuntucve 3
debiancve 3
cve 3
debian 5
osv 2
suse 7
mageia 1
mozilla 3
kaspersky 1
freebsd 1
oracle 1
ubuntu
ubuntu
NSS vulnerabilities
2017-01-04 00:00:00
openvas
openvas
Ubuntu Update for nss USN-3163-1
2017-01-05 00:00:00
Huawei EulerOS: Security Advisory for nss, nss-util (EulerOS-SA-2016-1084)
2020-01-23 00:00:00
CentOS Update for nss-util CESA-2016:2779 centos6
2016-11-20 00:00:00
nessus
nessus
Oracle Linux 5 / 6 / 7 : nss / nss-util (ELSA-2016-2779)
2016-11-17 00:00:00
CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)
2016-11-21 00:00:00
EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2016-1084)
2017-05-01 00:00:00
redhat
redhat
(RHSA-2016:2779) Moderate: nss and nss-util security update
2016-11-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)
2018-06-15 07:06:54
Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect PowerKVM
2018-06-18 01:34:46
Security Bulletin: Vulnerabilities in Mozilla NSS affect the IBM FlashSystem model V840
2018-06-18 00:32:47
amazon
amazon
Medium: nss-util, nss, nss-softokn
2016-12-15 00:32:00
centos
centos
nss security update
2016-11-19 11:17:02
symantec
symantec
SA137 : NSS Vulnerabilities
2016-12-20 08:00:00
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2017-01-19 00:00:00
Mozilla Firefox, Thunderbird: Multiple vulnerabilities
2017-01-03 00:00:00
oraclelinux
oraclelinux
nss and nss-util security update
2016-11-16 00:00:00
veracode
veracode
Null Pointer Dereference
2019-05-02 06:02:29
Information Disclosure
2019-05-02 06:02:29
prion
prion
Null pointer dereference
2019-11-15 16:15:00
Design/Logic Flaw
2018-08-01 13:29:00
Design/Logic Flaw
2018-06-11 21:29:00
redhatcve
redhatcve
CVE-2016-5285
2016-11-16 03:47:19
CVE-2016-8635
2016-11-16 03:47:31
CVE-2016-9074
2016-11-18 15:47:34
ubuntucve
ubuntucve
CVE-2016-5285
2016-11-16 00:00:00
CVE-2016-8635
2016-11-17 00:00:00
CVE-2016-9074
2016-11-16 00:00:00
debiancve
debiancve
CVE-2016-5285
2019-11-15 16:15:00
CVE-2016-8635
2018-08-01 13:29:00
CVE-2016-9074
2018-06-11 21:29:00
cve
cve
CVE-2016-5285
2019-11-15 16:15:00
CVE-2016-8635
2018-08-01 13:29:00
CVE-2016-9074
2018-06-11 21:29:00
debian
debian
[SECURITY] [DLA 759-1] nss security update
2016-12-23 10:42:34
[SECURITY] [DSA 3730-1] icedove security update
2016-12-11 16:05:42
[SECURITY] [DSA 3730-1] icedove security update
2016-12-11 16:05:42
osv
osv
nss - security update
2016-12-23 00:00:00
icedove - security update
2016-12-17 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-05 21:07:10
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-10 23:09:49
Security update for MozillaFirefox, mozilla-nss (important)
2016-12-13 13:07:50
mageia
mageia
Updated nss and firefox packages fix security vulnerabilities
2016-11-17 17:10:52
mozilla
mozilla
Security vulnerabilities fixed in Thunderbird 45.5 β€” Mozilla
2016-11-18 00:00:00
Security vulnerabilities fixed in Firefox ESR 45.5 β€” Mozilla
2016-11-15 00:00:00
Security vulnerabilities fixed in Firefox 50 β€” Mozilla
2016-11-15 00:00:00
kaspersky
kaspersky
KLA11272 Multiple vulnerabilities in Mozilla Firefox
2016-11-15 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2016-11-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2017
2017-10-17 00:00:00
JSON
Related for UBUNTU_USN-3163-1.NASL
ubuntu1openvas18nessus26redhat1ibm14amazon1centos1symantec1gentoo2oraclelinux1veracode2prion3redhatcve3ubuntucve3debiancve3cve3debian5osv2suse7mageia1mozilla3kaspersky1freebsd1oracle1