Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.UBUNTU_USN-361-1.NASL
HistoryNov 10, 2007 - 12:00 a.m.

Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-361-1)

2007-11-1000:00:00
Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.
www.tenable.com
18
JSON

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy configuration. A malicious proxy could send scripts which could execute arbitrary code with the user’s privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge valid signatures without the need of the secret key. (CVE-2006-4340)

Georgi Guninski discovered that even with JavaScript disabled, a malicous email could still execute JavaScript when the message is viewed, replied to, or forwarded by putting the script in a remote XBL file loaded by the message. (CVE-2006-4570).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-361-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(27941);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2006-2788", "CVE-2006-3805", "CVE-2006-3806", "CVE-2006-3807", "CVE-2006-3808", "CVE-2006-3809", "CVE-2006-3811", "CVE-2006-4340", "CVE-2006-4565", "CVE-2006-4568", "CVE-2006-4570", "CVE-2006-4571", "CVE-2006-5462", "CVE-2007-1794");
  script_bugtraq_id(19849, 20042);
  script_xref(name:"USN", value:"361-1");

  script_name(english:"Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-361-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Georgi Guninski discovered that even with JavaScript disabled, a
malicous email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 79, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-browser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-chatzilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-mailnews");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mozilla-psm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"5.04", pkgname:"libnspr-dev", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libnspr4", pkgver:"2:1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libnss-dev", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"libnss3", pkgver:"2:1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-browser", pkgver:"2:1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-calendar", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-chatzilla", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-dev", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-dom-inspector", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-js-debugger", pkgver:"1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-mailnews", pkgver:"2:1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.04", pkgname:"mozilla-psm", pkgver:"2:1.7.13-0ubuntu05.04.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libnspr-dev", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libnspr4", pkgver:"2:1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libnss-dev", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"libnss3", pkgver:"2:1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-browser", pkgver:"2:1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-calendar", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-chatzilla", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-dev", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-dom-inspector", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-js-debugger", pkgver:"1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-mailnews", pkgver:"2:1.7.13-0ubuntu5.10.2")) flag++;
if (ubuntu_check(osver:"5.10", pkgname:"mozilla-psm", pkgver:"2:1.7.13-0ubuntu5.10.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnspr-dev / libnspr4 / libnss-dev / libnss3 / mozilla / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibnspr-devp-cpe:/a:canonical:ubuntu_linux:libnspr-dev
canonicalubuntu_linuxlibnspr4p-cpe:/a:canonical:ubuntu_linux:libnspr4
canonicalubuntu_linuxlibnss-devp-cpe:/a:canonical:ubuntu_linux:libnss-dev
canonicalubuntu_linuxlibnss3p-cpe:/a:canonical:ubuntu_linux:libnss3
canonicalubuntu_linuxmozillap-cpe:/a:canonical:ubuntu_linux:mozilla
canonicalubuntu_linuxmozilla-browserp-cpe:/a:canonical:ubuntu_linux:mozilla-browser
canonicalubuntu_linuxmozilla-calendarp-cpe:/a:canonical:ubuntu_linux:mozilla-calendar
canonicalubuntu_linuxmozilla-chatzillap-cpe:/a:canonical:ubuntu_linux:mozilla-chatzilla
canonicalubuntu_linuxmozilla-devp-cpe:/a:canonical:ubuntu_linux:mozilla-dev
canonicalubuntu_linuxmozilla-dom-inspectorp-cpe:/a:canonical:ubuntu_linux:mozilla-dom-inspector
Rows per page:
1-10 of 151

Related

openvas 40
ubuntu 6
debian 9
osv 6
nessus 59
redhat 8
centos 9
oraclelinux 5
gentoo 6
freebsd 2
suse 2
ubuntucve 10
debiancve 9
prion 1
cve 9
mozilla 7
cert 4
securityvulns 1
veracode 5
checkpoint_advisories 1
openvas
openvas
Ubuntu: Security Advisory (USN-361-1)
2022-08-26 00:00:00
Debian Security Advisory DSA 1161-1 (mozilla-firefox)
2008-01-17 00:00:00
Debian Security Advisory DSA 1161-2 (mozilla-firefox)
2008-01-17 00:00:00
ubuntu
ubuntu
Mozilla vulnerabilities
2006-10-10 00:00:00
Thunderbird vulnerabilities
2006-09-22 00:00:00
Thunderbird vulnerabilities
2006-09-25 00:00:00
debian
debian
[SECURITY] [DSA 1161-2] New Mozilla Firefox packages fix several vulnerabilities
2006-09-13 00:00:00
[SECURITY] [DSA 1161-1] New Mozilla Firefox packages fix several vulnerabilities
2006-08-29 00:00:00
[SECURITY] [DSA 1192-1] New Mozilla packages fix several vulnerabilities
2006-10-06 00:00:00
osv
osv
mozilla-firefox - several vulnerabilities
2006-08-29 00:00:00
mozilla-thunderbird
2006-10-05 00:00:00
mozilla
2006-10-06 00:00:00
nessus
nessus
Debian DSA-1161-2 : mozilla-firefox - several vulnerabilities
2006-10-14 00:00:00
Debian DSA-1192-1 : mozilla - several vulnerabilities
2006-10-14 00:00:00
Debian DSA-1191-1 : mozilla-thunderbird - several vulnerabilities
2006-10-14 00:00:00
redhat
redhat
(RHSA-2006:0676) seamonkey security update
2006-09-15 00:00:00
(RHSA-2006:0677) thunderbird security update
2006-09-15 00:00:00
(RHSA-2006:0675) firefox security update
2006-09-15 00:00:00
centos
centos
seamonkey security update
2006-09-17 23:20:54
devhelp, seamonkey security update
2006-09-15 14:57:11
thunderbird security update
2006-09-15 14:57:35
oraclelinux
oraclelinux
Critical seamonkey security update
2006-12-07 00:00:00
Critical thunderbird security update
2006-12-07 00:00:00
Critical firefox security update
2006-12-07 00:00:00
gentoo
gentoo
Seamonkey: Multiple vulnerabilities
2006-10-16 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-10-04 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2006-08-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2006-09-14 00:00:00
mozilla -- multiple vulnerabilities
2006-07-25 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2006-09-22 13:02:47
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2006-08-16 15:11:18
ubuntucve
ubuntucve
CVE-2006-5462
2006-11-08 00:00:00
CVE-2006-4340
2006-09-15 00:00:00
CVE-2006-4570
2006-09-15 00:00:00
debiancve
debiancve
CVE-2006-5462
2006-11-08 21:07:00
CVE-2006-4340
2006-09-15 18:07:00
CVE-2006-4570
2006-09-15 19:07:00
prion
prion
Design/Logic Flaw
2007-04-02 22:19:00
cve
cve
CVE-2006-5462
2006-11-08 21:07:00
CVE-2007-1794
2007-04-02 22:19:00
CVE-2006-4340
2006-09-15 18:07:00
mozilla
mozilla
JavaScript engine vulnerabilities — Mozilla
2006-07-25 00:00:00
JavaScript execution in mail via XBL — Mozilla
2006-09-14 00:00:00
Crashes with evidence of memory corruption (rv:1.8.0.7) — Mozilla
2006-09-14 00:00:00
cert
cert
OpenSSL SSLv2 client code fails to properly check for NULL
2006-09-28 00:00:00
OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
2006-09-28 00:00:00
The Mozilla Network Security Services library fails to properly verify RSA signatures
2006-11-08 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities
2006-07-28 00:00:00
veracode
veracode
Restriction Bypass
2020-04-10 00:13:13
Spoofable SSL Certificate
2020-04-10 00:13:11
Denial Of Service (DoS)
2020-04-10 00:12:15
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Javascript Engine Code Execution - Ver2 (CVE-2006-3806)
2014-12-28 00:00:00
JSON
Related for UBUNTU_USN-361-1.NASL
openvas40ubuntu6debian9osv6nessus59redhat8centos9oraclelinux5gentoo6freebsd2suse2ubuntucve10debiancve9prion1cve9mozilla7cert4securityvulns1veracode5checkpoint_advisories1