Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : NSS vulnerabilities (USN-6727-1)

2024-04-1000:00:00

www.tenable.com

ubuntu

nss

vulnerabilities

usn-6727-1

bleichenbacher-like attacks

timing side-channel

pkcs#1 v1.5

rsa decryption

minerva

firefox

thunderbird.

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6727-1 advisory.

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim’s key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61. (CVE-2023-4421)
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5388)
Multiple NSS NIST curves were susceptible to a side-channel attack known as Minerva. This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.
(CVE-2023-6135)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6727-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193171);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/10");

  script_cve_id("CVE-2023-4421", "CVE-2023-5388", "CVE-2023-6135");
  script_xref(name:"USN", value:"6727-1");

  script_name(english:"Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : NSS vulnerabilities (USN-6727-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple
vulnerabilities as referenced in the USN-6727-1 advisory.

  - The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like
    attacks. Both the overall correctness of the padding as well as the length of the encrypted message was
    leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the
    attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt
    a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was
    fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random
    message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability
    affects NSS < 3.61. (CVE-2023-4421)

  - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could
    potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124,
    Firefox ESR < 115.9, and Thunderbird < 115.9. (CVE-2023-5388)

  - Multiple NSS NIST curves were susceptible to a side-channel attack known as Minerva. This attack could
    potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.
    (CVE-2023-6135)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6727-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected libnss3, libnss3-dev and / or libnss3-tools packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4421");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:23.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-tools");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('20.04' >< os_release || '22.04' >< os_release || '23.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04 / 23.10', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '20.04', 'pkgname': 'libnss3', 'pkgver': '2:3.98-0ubuntu0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libnss3-dev', 'pkgver': '2:3.98-0ubuntu0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libnss3-tools', 'pkgver': '2:3.98-0ubuntu0.20.04.1'},
    {'osver': '22.04', 'pkgname': 'libnss3', 'pkgver': '2:3.98-0ubuntu0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libnss3-dev', 'pkgver': '2:3.98-0ubuntu0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libnss3-tools', 'pkgver': '2:3.98-0ubuntu0.22.04.1'},
    {'osver': '23.10', 'pkgname': 'libnss3', 'pkgver': '2:3.98-0ubuntu0.23.10.1'},
    {'osver': '23.10', 'pkgname': 'libnss3-dev', 'pkgver': '2:3.98-0ubuntu0.23.10.1'},
    {'osver': '23.10', 'pkgname': 'libnss3-tools', 'pkgver': '2:3.98-0ubuntu0.23.10.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnss3 / libnss3-dev / libnss3-tools');
}

VendorProductVersionCPE
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linux23.10cpe:/o:canonical:ubuntu_linux:23.10
canonicalubuntu_linuxlibnss3p-cpe:/a:canonical:ubuntu_linux:libnss3
canonicalubuntu_linuxlibnss3-devp-cpe:/a:canonical:ubuntu_linux:libnss3-dev
canonicalubuntu_linuxlibnss3-toolsp-cpe:/a:canonical:ubuntu_linux:libnss3-tools

Vendor	Product	Version	CPE
canonical	ubuntu_linux	20.04	cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonical	ubuntu_linux	22.04	cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonical	ubuntu_linux	23.10	cpe:/o:canonical:ubuntu_linux:23.10
canonical	ubuntu_linux	libnss3	p-cpe:/a:canonical:ubuntu_linux:libnss3
canonical	ubuntu_linux	libnss3-dev	p-cpe:/a:canonical:ubuntu_linux:libnss3-dev
canonical	ubuntu_linux	libnss3-tools	p-cpe:/a:canonical:ubuntu_linux:libnss3-tools