Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-810-1.NASL
HistoryAug 05, 2009 - 12:00 a.m.

Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)

2009-08-0500:00:00
Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)

Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)

Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site.
(CVE-2009-2409).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-810-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(40490);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2009-2404", "CVE-2009-2408", "CVE-2009-2409");
  script_bugtraq_id(35888, 35891);
  script_xref(name:"USN", value:"810-1");

  script_name(english:"Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Moxie Marlinspike discovered that NSS did not properly handle regular
expressions in certificate names. A remote attacker could create a
specially crafted certificate to cause a denial of service (via
application crash) or execute arbitrary code as the user invoking the
program. (CVE-2009-2404)

Moxie Marlinspike and Dan Kaminsky independently discovered that NSS
did not properly handle certificates with NULL characters in the
certificate name. An attacker could exploit this to perform a man in
the middle attack to view sensitive information or alter encrypted
communications. (CVE-2009-2408)

Dan Kaminsky discovered NSS would still accept certificates with MD2
hash signatures. As a result, an attacker could potentially create a
malicious trusted certificate to impersonate another site.
(CVE-2009-2409).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/810-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-0d");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-1d");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-1d-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnss3-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 8.10 / 9.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"8.04", pkgname:"libnss3-0d", pkgver:"3.12.3.1-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libnss3-1d", pkgver:"3.12.3.1-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libnss3-1d-dbg", pkgver:"3.12.3.1-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libnss3-dev", pkgver:"3.12.3.1-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libnss3-tools", pkgver:"3.12.3.1-0ubuntu0.8.04.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libnss3-0d", pkgver:"3.12.3.1-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libnss3-1d", pkgver:"3.12.3.1-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libnss3-1d-dbg", pkgver:"3.12.3.1-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libnss3-dev", pkgver:"3.12.3.1-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libnss3-tools", pkgver:"3.12.3.1-0ubuntu0.8.10.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libnss3-0d", pkgver:"3.12.3.1-0ubuntu0.9.04.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libnss3-1d", pkgver:"3.12.3.1-0ubuntu0.9.04.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libnss3-1d-dbg", pkgver:"3.12.3.1-0ubuntu0.9.04.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libnss3-dev", pkgver:"3.12.3.1-0ubuntu0.9.04.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libnss3-tools", pkgver:"3.12.3.1-0ubuntu0.9.04.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnss3-0d / libnss3-1d / libnss3-1d-dbg / libnss3-dev / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxlibnss3-0dp-cpe:/a:canonical:ubuntu_linux:libnss3-0d
canonicalubuntu_linuxlibnss3-1dp-cpe:/a:canonical:ubuntu_linux:libnss3-1d
canonicalubuntu_linuxlibnss3-1d-dbgp-cpe:/a:canonical:ubuntu_linux:libnss3-1d-dbg
canonicalubuntu_linuxlibnss3-devp-cpe:/a:canonical:ubuntu_linux:libnss3-dev
canonicalubuntu_linuxlibnss3-toolsp-cpe:/a:canonical:ubuntu_linux:libnss3-tools
canonicalubuntu_linux8.04cpe:/o:canonical:ubuntu_linux:8.04:-:lts
canonicalubuntu_linux8.10cpe:/o:canonical:ubuntu_linux:8.10
canonicalubuntu_linux9.04cpe:/o:canonical:ubuntu_linux:9.04

Related

redhat 5
openvas 82
nessus 58
ubuntu 4
osv 3
oraclelinux 3
debian 4
freebsd 1
securityvulns 6
checkpoint_advisories 2
veracode 3
mozilla 2
centos 1
prion 7
ubuntucve 3
debiancve 4
seebug 3
cve 4
f5 2
exploitdb 1
threatpost 1
redhat
redhat
(RHSA-2009:1207) Critical: nspr and nss security update
2009-08-12 00:00:00
(RHSA-2009:1190) Critical: nspr and nss security and bug fix update
2009-07-31 00:00:00
(RHSA-2009:1186) Critical: nspr and nss security, bug fix, and enhancement update
2009-07-30 00:00:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1190
2009-08-17 00:00:00
RedHat Security Advisory RHSA-2009:1186
2009-08-17 00:00:00
Debian Security Advisory DSA 1874-1 (nss)
2009-09-02 00:00:00
nessus
nessus
Ubuntu 8.04 LTS / 8.10 / 9.04 : nspr update (USN-810-2)
2009-08-05 00:00:00
RHEL 4 : nspr and nss (RHSA-2009:1184)
2009-07-31 00:00:00
Oracle Linux 5 : nspr / and / nss (ELSA-2009-1186)
2023-09-07 00:00:00
ubuntu
ubuntu
NSPR update
2009-08-04 00:00:00
NSS vulnerabilities
2009-08-04 00:00:00
NSS regression
2009-09-02 00:00:00
osv
osv
nss - several vulnerabilities
2009-08-26 00:00:00
icedove - several vulnerabilities
2010-03-31 00:00:00
gnutls13 gnutls26 - SSL certificate
2009-11-17 00:00:00
oraclelinux
oraclelinux
nspr and nss security, bug fix, and enhancement update
2009-07-21 00:00:00
nspr and nss security and bug fix update
2009-07-30 00:00:00
openssl security update
2010-01-20 00:00:00
debian
debian
[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities
2009-08-26 19:01:32
[SECURITY] [DSA 2025-1] New icedove packages fix several vulnerabilities
2010-03-31 08:41:27
[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness
2009-11-17 13:46:36
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-08-03 00:00:00
securityvulns
securityvulns
Mozilla Firefox, Thunderbird, SeaMonkey, NSS multiple security vulnerabilities
2009-08-07 00:00:00
Mozilla Foundation Security Advisory 2009-43
2009-08-07 00:00:00
Mozilla Foundation Security Advisory 2009-42
2009-08-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Network Security Services Regexp Heap Overflow (CVE-2009-2404)
2009-08-20 00:00:00
Mozilla Network Security Services Regexp Heap Overflow - Improved Performance (CVE-2009-2404)
2013-05-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:33:39
Spoofing Attack
2020-04-10 00:33:40
Man-in-the-Middle (MitM)
2020-04-10 00:33:40
mozilla
mozilla
Heap overflow in certificate regexp parsing — Mozilla
2009-08-01 00:00:00
Compromise of SSL-protected communication — Mozilla
2009-08-01 00:00:00
centos
centos
seamonkey security update
2009-07-31 00:33:31
prion
prion
Heap overflow
2009-08-03 14:30:00
Code injection
2009-07-30 19:30:00
Code injection
2009-07-30 19:30:00
ubuntucve
ubuntucve
CVE-2009-2404
2009-08-03 00:00:00
CVE-2009-2409
2009-07-30 00:00:00
CVE-2009-2408
2009-07-30 00:00:00
debiancve
debiancve
CVE-2009-2404
2009-08-03 14:30:00
CVE-2009-2409
2009-07-30 19:30:00
CVE-2009-2408
2009-07-30 19:30:00
seebug
seebug
Mozilla SeaMonkey规则表达式解析堆缓冲区溢出漏洞
2009-07-31 00:00:00
Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞
2009-07-31 00:00:00
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)
2017-09-19 00:00:00
cve
cve
CVE-2009-2404
2009-08-03 14:30:00
CVE-2009-2409
2009-07-30 19:30:00
CVE-2009-2408
2009-07-30 19:30:00
f5
f5
K15663 : MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-23 00:00:00
SOL15663 - MD2 Message-Digest Algorithm vulnerability CVE-2009-2409
2014-10-09 00:00:00
exploitdb
exploitdb
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
2009-06-30 00:00:00
threatpost
threatpost
Apple Safari
2009-12-29 21:50:26
JSON
Related for UBUNTU_USN-810-1.NASL
redhat5openvas82nessus58ubuntu4osv3oraclelinux3debian4freebsd1securityvulns6checkpoint_advisories2veracode3mozilla2centos1prion7ubuntucve3debiancve4seebug3cve4f52exploitdb1threatpost1