CentOS Update for nss-softokn CESA-2015:1699 centos6
2015-09-02T00:00:00
ID OPENVAS:1361412562310882272 Type openvas Reporter Copyright (C) 2015 Greenbone Networks GmbH Modified 2019-03-08T00:00:00
Description
Check the version of nss-softokn
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for nss-softokn CESA-2015:1699 centos6
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
# Registration block: when `description` is set, the script only records the
# metadata below and leaves through exit(0) before any check is run.
if(description)
{
  # --- Identity and bookkeeping ---------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.0.882272");
  script_version("$Revision: 14058 $");
  script_name("CentOS Update for nss-softokn CESA-2015:1699 centos6");
  script_family("CentOS Local Security Checks");
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_tag(name:"creation_date", value:"2015-09-02 07:00:13 +0200 (Wed, 02 Sep 2015)");
  script_tag(name:"last_modification", value:"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $");

  # --- Severity and references ----------------------------------------------
  # The vector is written in CVSS v2 notation. I:P with C:N and A:N rates the
  # issue as integrity-only, in line with the signature-forgery wording of the
  # insight text.
  script_cve_id("CVE-2015-2730");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_xref(name:"CESA", value:"2015:1699");
  script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html");

  # --- Text shown with a result ---------------------------------------------
  # The continuation lines of the insight string start at column 0 on purpose:
  # any leading whitespace would become part of the string.
  script_tag(name:"summary", value:"Check the version of nss-softokn");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server
applications.
A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve
Digital Signature Algorithm) signatures. Under certain conditions, an
attacker could use this flaw to conduct signature forgery attacks.
(CVE-2015-2730)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Watson Ladd as the original reporter of this issue.
All nss-softokn users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.");
  script_tag(name:"affected", value:"nss-softokn on CentOS 6");
  script_tag(name:"solution", value:"Please install the updated packages.");
  script_tag(name:"solution_type", value:"VendorFix");

  # --- How and when the check runs ------------------------------------------
  # qod_type "package": the verdict rests on a package version comparison, not
  # on probing the library. NOTE(review): the keys below all sit under
  # ssh/login/, so a result presumably requires a working authenticated SSH
  # login and the RPM list from gather-package-list.nasl; confirm for the
  # scan configuration in use.
  script_tag(name:"qod_type", value:"package");
  script_category(ACT_GATHER_INFO);
  script_dependencies("gather-package-list.nasl");
  # The re: argument additionally requires the stored release to match CentOS6.
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS6");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Release string of the target as returned by rpm_get_ssh_release(). The helper
# is not defined in this file (presumably it comes from the included libraries).
# Without a release there is nothing to compare against, so the script stops.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";

if(release == "CentOS6")
{
  # Package names and the fixed builds they are compared with, index for
  # index. The list order is the order in which the packages are checked.
  nss_pkg_names = make_list("nss-softokn",
                            "nss-softokn-devel",
                            "nss-softokn-freebl",
                            "nss-softokn-freebl-devel");
  nss_fixed_rpms = make_list("nss-softokn~3.14.3~23.el6_7",
                             "nss-softokn-devel~3.14.3~23.el6_7",
                             "nss-softokn-freebl~3.14.3~23.el6_7",
                             "nss-softokn-freebl-devel~3.14.3~23.el6_7");

  for(nss_idx = 0; nss_idx < max_index(nss_pkg_names); nss_idx++)
  {
    # isrpmvuln() is not defined in this file (presumably pkg-lib-rpm.inc);
    # a non-NULL return value is handed on unchanged as the report text.
    res = isrpmvuln(pkg:nss_pkg_names[nss_idx], rpm:nss_fixed_rpms[nss_idx], rls:"CentOS6");
    if(res != NULL)
    {
      # NOTE(review): the first hit is reported and the script exits, so the
      # result names one package only; the remaining packages of the set are
      # not evaluated. Remediation should update the whole nss-softokn set.
      security_message(data:res);
      exit(0);
    }
  }

  # No package was flagged. __pkg_match is set outside this file (presumably
  # by isrpmvuln() when a listed package is installed; TODO confirm). Exit
  # code 99 then records "not vulnerable" rather than "nothing checked".
  if(__pkg_match)
    exit(99);
  exit(0);
}
{"id": "OPENVAS:1361412562310882272", "bulletinFamily": "scanner", "title": "CentOS Update for nss-softokn CESA-2015:1699 centos6", "description": "Check the version of nss-softokn", "published": "2015-09-02T00:00:00", "modified": "2019-03-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882272", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html", "2015:1699"], "cvelist": ["CVE-2015-2730"], "type": "openvas", "lastseen": "2019-05-29T18:36:35", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2730"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Check the version of nss-softokn", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "e417fd28c2349703a0835741f1be997bf4e6cea96cbdf88bd6d6c98c9e4268fd", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "3af6fc8fd5e63f7f2de81f9a8b99c5ce", "key": "pluginID"}, {"hash": "2acdd4f182f46f8f63f7acca96831beb", "key": "title"}, {"hash": "8f36a58f514dd3189cdd189be3962d77", "key": "sourceData"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "d0e6e581158426af2ce2d2b735b22e5d", "key": "cvelist"}, {"hash": "bf0a0417bbd0105276c237f781d49513", "key": "published"}, {"hash": "230b3f8a87954c521a95306ec0c45640", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "f7f61a12a6a56b70ec7b13e47ce5dba9", "key": "description"}, {"hash": "0a7bb209bc13a46200af43038c9b6b89", "key": "href"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310882272", "id": "OPENVAS:1361412562310882272", "lastseen": "2017-07-25T10:53:26", "modified": "2017-07-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882272", "published": "2015-09-02T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html", "2015:1699"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-softokn CESA-2015:1699 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882272\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 07:00:13 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-softokn CESA-2015:1699 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of nss-softokn\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Network Security Services (NSS) is a set of libraries designed to support \ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\");\n script_tag(name: \"affected\", value: \"nss-softokn on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1699\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # 
Not vulnerable.\n exit(0);\n}\n", "title": "CentOS Update for nss-softokn CESA-2015:1699 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-07-25T10:53:26"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2730"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Check the version of nss-softokn", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-03-11T14:40:08", "references": [{"idList": ["SECURITYVULNS:VULN:14573"], "type": "securityvulns"}, {"idList": ["GLSA-201512-10"], "type": "gentoo"}, {"idList": ["CVE-2015-2730"], "type": "cve"}, {"idList": ["MFSA2015-64"], "type": "mozilla"}, {"idList": ["CESA-2015:1664", "CESA-2015:1699"], "type": "centos"}, {"idList": ["ELSA-2015-1699", "ELSA-2016-0685", "ELSA-2015-1664"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310123021", "OPENVAS:1361412562310120065", "OPENVAS:1361412562310123015", "OPENVAS:1361412562310882271", "OPENVAS:1361412562310703336", "OPENVAS:1361412562310871442", "OPENVAS:1361412562310871437", "OPENVAS:1361412562310842277", "OPENVAS:703336", "OPENVAS:1361412562310882256"], "type": "openvas"}, {"idList": ["44D9DAEE-940C-4179-86BB-6E3FFD617869"], "type": "freebsd"}, {"idList": ["ALAS-2015-596"], "type": "amazon"}, {"idList": ["KLA10622"], "type": "kaspersky"}, {"idList": ["DEBIAN:DLA-315-1:C6985", "DEBIAN:DSA-3336-1:F9DC2"], "type": "debian"}, {"idList": ["SOL15955144", "F5:K15955144"], "type": "f5"}, {"idList": ["USN-2672-1", "USN-2656-2", "USN-2656-1"], "type": "ubuntu"}, {"idList": ["SUSE-SU-2015:1268-1", "OPENSUSE-SU-2015:1266-1", "SUSE-SU-2015:1449-1", "SUSE-SU-2015:1269-1", "SUSE-SU-2015:1268-2", "OPENSUSE-SU-2015:1229-1"], "type": "suse"}, {"idList": ["RHSA-2015:1699", "RHSA-2015:1664"], "type": "redhat"}, {"idList": ["ORACLELINUX_ELSA-2015-1699.NASL", "REDHAT-RHSA-2015-1699.NASL", "CENTOS_RHSA-2015-1699.NASL", 
"SL_20150901_NSS_SOFTOKN_ON_SL6_X.NASL", "DEBIAN_DSA-3336.NASL", "F5_BIGIP_SOL15955144.NASL", "UBUNTU_USN-2672-1.NASL", "ORACLEVM_OVMSA-2015-0118.NASL", "ALA_ALAS-2015-596.NASL", "REDHAT-RHSA-2015-1664.NASL"], "type": "nessus"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "75aef1d48177fe6d1bd6b852dd8f61bdfb6af2ad9db6cdb0c66c53aaddb78aff", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "d62a00b85cd389740a000051f39e5e52", "key": "sourceData"}, {"hash": "3af6fc8fd5e63f7f2de81f9a8b99c5ce", "key": "pluginID"}, {"hash": "4634f30be90a07bbe398093c117019f7", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "d0e6e581158426af2ce2d2b735b22e5d", "key": "cvelist"}, {"hash": "bf0a0417bbd0105276c237f781d49513", "key": "published"}, {"hash": "ecbe9d16f6a6e342e317b2b4714ba558", "key": "modified"}, {"hash": "230b3f8a87954c521a95306ec0c45640", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "f7f61a12a6a56b70ec7b13e47ce5dba9", "key": "description"}, {"hash": "0a7bb209bc13a46200af43038c9b6b89", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882272", "id": "OPENVAS:1361412562310882272", "lastseen": "2019-03-11T14:40:08", "modified": "2019-03-08T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882272", "published": "2015-09-02T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html", "2015:1699"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-softokn CESA-2015:1699 centos6\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882272\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 07:00:13 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-softokn CESA-2015:1699 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of nss-softokn\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"nss-softokn on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1699\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "title": "CentOS Update for nss-softokn CESA-2015:1699 centos6", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2019-03-11T14:40:08"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2730"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Check the version of nss-softokn", "edition": 1, "enchantments": {}, "hash": "2a6ea13de80ae2fc614e2444f45cf103f231f08a8967e06db924c6cfcfe3b282", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "3af6fc8fd5e63f7f2de81f9a8b99c5ce", "key": "pluginID"}, {"hash": "2acdd4f182f46f8f63f7acca96831beb", "key": "title"}, {"hash": "54c80a447982dbedec92463c7532b29f", "key": "modified"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "d0e6e581158426af2ce2d2b735b22e5d", "key": "cvelist"}, {"hash": "bf0a0417bbd0105276c237f781d49513", "key": "published"}, {"hash": "230b3f8a87954c521a95306ec0c45640", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "20c97100577bb067eaf9782eba700a37", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "f7f61a12a6a56b70ec7b13e47ce5dba9", "key": "description"}, {"hash": "0a7bb209bc13a46200af43038c9b6b89", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882272", "id": "OPENVAS:1361412562310882272", "lastseen": "2017-07-02T21:12:16", "modified": "2017-06-13T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882272", "published": "2015-09-02T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html", "2015:1699"], "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-softokn CESA-2015:1699 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882272\");\n script_version(\"$Revision: 6329 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-13 17:39:42 +0200 (Tue, 13 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 07:00:13 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-softokn CESA-2015:1699 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of nss-softokn\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Network Security Services (NSS) is a set of libraries designed to support 
\ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\");\n script_tag(name: \"affected\", value: \"nss-softokn on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1699\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:centos:centos\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "CentOS Update for nss-softokn CESA-2015:1699 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-07-02T21:12:16"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2730"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Check the version of nss-softokn", "edition": 4, "enchantments": {"dependencies": {"modified": "2018-09-01T23:51:22", "references": [{"idList": ["SECURITYVULNS:VULN:14573"], "type": "securityvulns"}, {"idList": ["GLSA-201512-10"], "type": "gentoo"}, {"idList": ["CVE-2015-2730"], "type": "cve"}, {"idList": ["MFSA2015-64"], "type": "mozilla"}, {"idList": ["CESA-2015:1664", "CESA-2015:1699"], "type": "centos"}, {"idList": ["ELSA-2015-1699", "ELSA-2016-0685", "ELSA-2015-1664"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310123021", "OPENVAS:1361412562310120065", "OPENVAS:1361412562310123015", "OPENVAS:1361412562310882271", "OPENVAS:1361412562310703336", "OPENVAS:1361412562310871442", "OPENVAS:1361412562310871437", "OPENVAS:1361412562310842277", "OPENVAS:703336", "OPENVAS:1361412562310882256"], "type": "openvas"}, {"idList": ["ORACLELINUX_ELSA-2015-1699.NASL", "REDHAT-RHSA-2015-1699.NASL", "CENTOS_RHSA-2015-1699.NASL", "SL_20150901_NSS_SOFTOKN_ON_SL6_X.NASL", "DEBIAN_DSA-3336.NASL", "DEBIAN_DLA-315.NASL", "F5_BIGIP_SOL15955144.NASL", "ORACLEVM_OVMSA-2015-0118.NASL", "ALA_ALAS-2015-596.NASL", "REDHAT-RHSA-2015-1664.NASL"], "type": "nessus"}, {"idList": ["44D9DAEE-940C-4179-86BB-6E3FFD617869"], "type": "freebsd"}, {"idList": ["ALAS-2015-596"], "type": "amazon"}, {"idList": ["KLA10622"], "type": 
"kaspersky"}, {"idList": ["DEBIAN:DLA-315-1:C6985", "DEBIAN:DSA-3336-1:F9DC2"], "type": "debian"}, {"idList": ["SOL15955144", "F5:K15955144"], "type": "f5"}, {"idList": ["USN-2672-1", "USN-2656-2", "USN-2656-1"], "type": "ubuntu"}, {"idList": ["SUSE-SU-2015:1268-1", "OPENSUSE-SU-2015:1266-1", "SUSE-SU-2015:1449-1", "SUSE-SU-2015:1269-1", "SUSE-SU-2015:1268-2", "OPENSUSE-SU-2015:1229-1"], "type": "suse"}, {"idList": ["RHSA-2015:1699", "RHSA-2015:1664"], "type": "redhat"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "e417fd28c2349703a0835741f1be997bf4e6cea96cbdf88bd6d6c98c9e4268fd", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "3af6fc8fd5e63f7f2de81f9a8b99c5ce", "key": "pluginID"}, {"hash": "2acdd4f182f46f8f63f7acca96831beb", "key": "title"}, {"hash": "8f36a58f514dd3189cdd189be3962d77", "key": "sourceData"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "d0e6e581158426af2ce2d2b735b22e5d", "key": "cvelist"}, {"hash": "bf0a0417bbd0105276c237f781d49513", "key": "published"}, {"hash": "230b3f8a87954c521a95306ec0c45640", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "f7f61a12a6a56b70ec7b13e47ce5dba9", "key": "description"}, {"hash": "0a7bb209bc13a46200af43038c9b6b89", "key": "href"}, {"hash": "0d134bf170d66438eb1e01173ee0187f", "key": "modified"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882272", "id": "OPENVAS:1361412562310882272", "lastseen": "2018-09-01T23:51:22", "modified": "2017-07-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882272", "published": "2015-09-02T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html", "2015:1699"], "reporter": "Copyright (C) 2015 
Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-softokn CESA-2015:1699 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882272\");\n script_version(\"$Revision: 6657 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:50:44 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 07:00:13 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-softokn CESA-2015:1699 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of nss-softokn\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Network Security Services (NSS) is 
a set of libraries designed to support \ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\");\n script_tag(name: \"affected\", value: \"nss-softokn on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1699\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "CentOS Update for nss-softokn CESA-2015:1699 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 4, "lastseen": "2018-09-01T23:51:22"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2015-2730"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Check the version of nss-softokn", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-03-08T14:08:13", "references": [{"idList": ["SECURITYVULNS:VULN:14573"], "type": "securityvulns"}, {"idList": ["GLSA-201512-10"], "type": "gentoo"}, {"idList": ["CVE-2015-2730"], "type": "cve"}, {"idList": ["MFSA2015-64"], "type": "mozilla"}, {"idList": ["CESA-2015:1664", "CESA-2015:1699"], "type": "centos"}, {"idList": ["ELSA-2015-1699", "ELSA-2016-0685", "ELSA-2015-1664"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310123021", "OPENVAS:1361412562310120065", "OPENVAS:1361412562310123015", "OPENVAS:1361412562310882271", "OPENVAS:1361412562310703336", "OPENVAS:1361412562310871442", "OPENVAS:1361412562310871437", "OPENVAS:1361412562310842277", "OPENVAS:703336", "OPENVAS:1361412562310882256"], "type": "openvas"}, {"idList": ["44D9DAEE-940C-4179-86BB-6E3FFD617869"], "type": "freebsd"}, {"idList": ["ALAS-2015-596"], "type": "amazon"}, {"idList": ["KLA10622"], "type": "kaspersky"}, {"idList": ["DEBIAN:DLA-315-1:C6985", "DEBIAN:DSA-3336-1:F9DC2"], "type": "debian"}, {"idList": ["SOL15955144", "F5:K15955144"], "type": "f5"}, {"idList": ["USN-2672-1", "USN-2656-2", "USN-2656-1"], "type": "ubuntu"}, {"idList": ["SUSE-SU-2015:1268-1", "OPENSUSE-SU-2015:1266-1", "SUSE-SU-2015:1449-1", 
"SUSE-SU-2015:1269-1", "SUSE-SU-2015:1268-2", "OPENSUSE-SU-2015:1229-1"], "type": "suse"}, {"idList": ["ORACLELINUX_ELSA-2015-1699.NASL", "REDHAT-RHSA-2015-1699.NASL", "CENTOS_RHSA-2015-1699.NASL", "SL_20150901_NSS_SOFTOKN_ON_SL6_X.NASL", "CENTOS_RHSA-2015-1664.NASL", "DEBIAN_DLA-315.NASL", "F5_BIGIP_SOL15955144.NASL", "UBUNTU_USN-2672-1.NASL", "ORACLEVM_OVMSA-2015-0118.NASL", "ALA_ALAS-2015-596.NASL"], "type": "nessus"}, {"idList": ["RHSA-2015:1699", "RHSA-2015:1664"], "type": "redhat"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "7dd7f936c09c6e854c8dfbcd7e762fa99fbc98a534da710f6b6072a05e1fd94b", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "3af6fc8fd5e63f7f2de81f9a8b99c5ce", "key": "pluginID"}, {"hash": "2acdd4f182f46f8f63f7acca96831beb", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "d8a9845591aef0a8ed4332cffb01dae0", "key": "sourceData"}, {"hash": "d0e6e581158426af2ce2d2b735b22e5d", "key": "cvelist"}, {"hash": "bf0a0417bbd0105276c237f781d49513", "key": "published"}, {"hash": "ecbe9d16f6a6e342e317b2b4714ba558", "key": "modified"}, {"hash": "230b3f8a87954c521a95306ec0c45640", "key": "references"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "1e898993712db5cf9f9a110102684025", "key": "reporter"}, {"hash": "f7f61a12a6a56b70ec7b13e47ce5dba9", "key": "description"}, {"hash": "0a7bb209bc13a46200af43038c9b6b89", "key": "href"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882272", "id": "OPENVAS:1361412562310882272", "lastseen": "2019-03-08T14:08:13", "modified": "2019-03-08T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "1361412562310882272", "published": "2015-09-02T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html", "2015:1699"], "reporter": 
"Copyright (C) 2015 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-softokn CESA-2015:1699 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882272\");\n script_version(\"$Revision: 14050 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 10:08:09 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 07:00:13 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-softokn CESA-2015:1699 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of nss-softokn\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Network 
Security Services (NSS) is a set of libraries designed to support \ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\");\n script_tag(name: \"affected\", value: \"nss-softokn on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"CESA\", value: \"2015:1699\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", 
rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "title": "CentOS Update for nss-softokn CESA-2015:1699 centos6 ", "type": "openvas", "viewCount": 0}, "differentElements": ["sourceData", "title"], "edition": 5, "lastseen": "2019-03-08T14:08:13"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d0e6e581158426af2ce2d2b735b22e5d"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "description", "hash": "f7f61a12a6a56b70ec7b13e47ce5dba9"}, {"key": "href", "hash": "0a7bb209bc13a46200af43038c9b6b89"}, {"key": "modified", "hash": "ecbe9d16f6a6e342e317b2b4714ba558"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "3af6fc8fd5e63f7f2de81f9a8b99c5ce"}, {"key": "published", "hash": "bf0a0417bbd0105276c237f781d49513"}, {"key": "references", "hash": "230b3f8a87954c521a95306ec0c45640"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "d62a00b85cd389740a000051f39e5e52"}, {"key": "title", "hash": "4634f30be90a07bbe398093c117019f7"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "964906c1cf7063d3cf55355f8f29ef740eb3222d29df8da009516d9595985e3e", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2730"]}, {"type": "f5", "idList": ["F5:K15955144", "SOL15955144"]}, {"type": "redhat", "idList": ["RHSA-2015:1699", "RHSA-2015:1664"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1699", "ELSA-2015-1664", "ELSA-2016-0685"]}, {"type": "centos", "idList": ["CESA-2015:1699", "CESA-2015:1664"]}, {"type": "amazon", 
"idList": ["ALAS-2015-596"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310123015", "OPENVAS:1361412562310882271", "OPENVAS:1361412562310871442", "OPENVAS:1361412562310120065", "OPENVAS:1361412562310842277", "OPENVAS:1361412562310871437", "OPENVAS:1361412562310123021", "OPENVAS:703336", "OPENVAS:1361412562310703336", "OPENVAS:1361412562310882256"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL15955144.NASL", "SL_20150901_NSS_SOFTOKN_ON_SL6_X.NASL", "REDHAT-RHSA-2015-1699.NASL", "CENTOS_RHSA-2015-1699.NASL", "ORACLELINUX_ELSA-2015-1699.NASL", "ALA_ALAS-2015-596.NASL", "ORACLEVM_OVMSA-2015-0118.NASL", "CENTOS_RHSA-2015-1664.NASL", "ORACLELINUX_ELSA-2015-1664.NASL", "DEBIAN_DLA-315.NASL"]}, {"type": "mozilla", "idList": ["MFSA2015-64"]}, {"type": "ubuntu", "idList": ["USN-2672-1", "USN-2656-1", "USN-2656-2"]}, {"type": "debian", "idList": ["DEBIAN:DLA-315-1:C6985", "DEBIAN:DSA-3336-1:F9DC2"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1268-2", "SUSE-SU-2015:1268-1", "OPENSUSE-SU-2015:1229-1", "SUSE-SU-2015:1269-1", "SUSE-SU-2015:1449-1", "OPENSUSE-SU-2015:1266-1"]}, {"type": "kaspersky", "idList": ["KLA10622"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14573"]}, {"type": "freebsd", "idList": ["44D9DAEE-940C-4179-86BB-6E3FFD617869"]}, {"type": "gentoo", "idList": ["GLSA-201512-10"]}], "modified": "2019-05-29T18:36:35"}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:36:35"}, "vulnersScore": 5.9}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-softokn CESA-2015:1699 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free 
Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882272\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 07:00:13 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-softokn CESA-2015:1699 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of nss-softokn\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"nss-softokn on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1699\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "1361412562310882272", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:14:41", "bulletinFamily": "NVD", "description": "Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.", "modified": "2016-12-28T02:59:00", "id": "CVE-2015-2730", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2730", "published": "2015-07-06T02:01:00", "title": "CVE-2015-2730", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "f5": [{"lastseen": "2017-06-08T10:18:52", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 553454 (BIG-IP), ID 571432 (BIG-IQ), and ID 571437 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP AAM| 12.0.0 \n11.4.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP AFM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP Analytics| 12.0.0 \n11.0.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP APM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP ASM| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP DNS| 12.0.0| 12.1.0| 
Low| NSS package \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| NSS package \nBIG-IP GTM| 11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP Link Controller| 12.0.0 \n11.0.0 - 11.6.1 \n10.1.0 - 10.2.4| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP PEM| 12.0.0 \n11.3.0 - 11.6.1| 12.1.0 \n11.6.1 HF1 \n11.5.4| Low| NSS package \nBIG-IP PSM| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| None| Low| NSS package \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| NSS package \nBIG-IP WOM| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None| Low| NSS package \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.0.0 - 3.1.1| None| Low| NSS package \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| NSS package \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| NSS package \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| NSS package \nBIG-IQ ADC| 4.5.0| None| Low| NSS package \nBIG-IQ Centralized Management| 4.6.0| None| Low| NSS package \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| NSS package \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 12.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "modified": "2017-03-14T22:06:00", "published": "2016-02-03T23:10:00", "id": "F5:K15955144", "href": "https://support.f5.com/csp/article/K15955144", "title": "Mozilla NSS vulnerability CVE-2015-2730", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-26T17:23:08", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable **column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2016-09-07T00:00:00", "published": "2016-02-03T00:00:00", "id": "SOL15955144", "href": "http://support.f5.com/kb/en-us/solutions/public/k/15/sol15955144.html", "type": "f5", "title": "SOL15955144 - Mozilla NSS vulnerability CVE-2015-2730", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:39", "bulletinFamily": "unix", "description": "[3.14.3-23]\n- Pick up upstream freebl patch for CVE-2015-2730\n- Check for P == Q or P ==-Q before adding P and Q", "modified": "2015-09-01T00:00:00", "published": "2015-09-01T00:00:00", "id": "ELSA-2015-1699", "href": "http://linux.oracle.com/errata/ELSA-2015-1699.html", "title": "nss-softokn security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:10", "bulletinFamily": "unix", "description": "[3.19.1-1]\n- Rebase nss to 3.19.1\n- Pick up upstream fix for client auth. 
regression caused by 3.19.1\n- Revert upstream change to minimum key sizes\n- Remove patches that rendered obsolete by the rebase\n- Update existing patches on account of the rebase\n[3.18.0-7]\n- Pick up upstream patch from nss-3.19.1\n- Resolves: Bug 1236954 - CVE-2015-2730 NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)\n- Resolves: Bug 1236967 - CVE-2015-2721 NSS: incorrectly permitted skipping of ServerKeyExchange (MFSA 2015-71)", "modified": "2015-08-24T00:00:00", "published": "2015-08-24T00:00:00", "id": "ELSA-2015-1664", "href": "http://linux.oracle.com/errata/ELSA-2015-1664.html", "title": "nss security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "unix", "description": "nspr\n[4.11.0-1]\n- Rebase to NSPR 4.11\nnss\n[3.21.0-9.0.1]\n- Added nss-vendor.patch to change vendor\n[3.21.0-9]\n- Rebuild to require the latest nss-util build and nss-softokn build.\n[3.21.0-8]\n- Update the minimum nss-softokn build required at runtime.\n[3.21.0-7]\n- Delete duplicates from one table\n[3.21.0-6]\n- Fix missing support for sha384/dsa in certificate_request\n[3.21.0-5]\n- Fix the SigAlgs sent in certificate_request\n[3.21.0-4]\n- Ensure all ssl.sh tests are executed\n- Update sslauth test patch to run additional tests\n[3.21.0-2]\n- Fix sha384 support and testing patches\n[3.21.0-1]\n- Rebase to NSS-3.21\n- Resolves: Bug 1310581\nnss-softokn\n[3.16.2.3-14.2]\n- Adjust for a renamed variable in newer nss-util, require a compatible nss-util version.\n[3.16.2.3-14.1]\n- Pick up a bugfix related to fork(), to avoid a regression with NSS 3.21\n[3.16.2.3-14]\n- Pick up upstream freebl patch for CVE-2015-2730\n- Check for P == Q or P ==-Q before adding P and Q\nnss-util\n[3.21.0-2.2]\n- Rebase to nss-util from nss 3.21\n- Add aliases for naming compatibility with prior release", "modified": 
"2016-04-25T00:00:00", "published": "2016-04-25T00:00:00", "id": "ELSA-2016-0685", "href": "http://linux.oracle.com/errata/ELSA-2016-0685.html", "title": "nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2019-05-29T17:22:53", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks.\n\n \n**Affected Packages:** \n\n\nnss-softokn\n\n \n**Issue Correction:** \nRun _yum update nss-softokn_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n nss-softokn-debuginfo-3.16.2.3-13.37.amzn1.i686 \n nss-softokn-freebl-devel-3.16.2.3-13.37.amzn1.i686 \n nss-softokn-3.16.2.3-13.37.amzn1.i686 \n nss-softokn-devel-3.16.2.3-13.37.amzn1.i686 \n nss-softokn-freebl-3.16.2.3-13.37.amzn1.i686 \n \n src: \n nss-softokn-3.16.2.3-13.37.amzn1.src \n \n x86_64: \n nss-softokn-freebl-3.16.2.3-13.37.amzn1.x86_64 \n nss-softokn-3.16.2.3-13.37.amzn1.x86_64 \n nss-softokn-devel-3.16.2.3-13.37.amzn1.x86_64 \n nss-softokn-freebl-devel-3.16.2.3-13.37.amzn1.x86_64 \n nss-softokn-debuginfo-3.16.2.3-13.37.amzn1.x86_64 \n \n \n", "modified": "2015-09-22T10:00:00", "published": "2015-09-22T10:00:00", "id": "ALAS-2015-596", "href": "https://alas.aws.amazon.com/ALAS-2015-596.html", "title": "Medium: nss-softokn", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2019-05-29T18:34:25", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1699\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support \ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS 
verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\nhttp://lists.centos.org/pipermail/centos-announce/2015-September/021362.html\n\n**Affected packages:**\nnss-softokn\nnss-softokn-devel\nnss-softokn-freebl\nnss-softokn-freebl-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1699.html", "modified": "2015-09-01T23:36:20", "published": "2015-09-01T15:35:07", "href": "http://lists.centos.org/pipermail/centos-announce/2015-September/021357.html", "id": "CESA-2015:1699", "title": "nss security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2015:1664\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange packet\nduring a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key\nExchange). A remote attacker could use this flaw to bypass the\nforward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Karthikeyan Bhargavan as the original reporter of\nCVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous version.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-August/021343.html\n\n**Affected packages:**\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1664.html", "modified": "2015-08-24T18:12:13", "published": "2015-08-24T18:12:13", "href": "http://lists.centos.org/pipermail/centos-announce/2015-August/021343.html", "id": "CESA-2015:1664", "title": "nss security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:47:09", "bulletinFamily": "unix", "description": "Network Security Services (NSS) is a set of libraries designed to support \ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n", "modified": "2018-06-06T20:24:29", "published": "2015-09-01T04:00:00", "id": "RHSA-2015:1699", "href": "https://access.redhat.com/errata/RHSA-2015:1699", "type": "redhat", "title": "(RHSA-2015:1699) Moderate: nss-softokn security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:45:27", "bulletinFamily": "unix", "description": "Network Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange packet\nduring a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key\nExchange). A remote attacker could use this flaw to bypass the\nforward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Karthikeyan Bhargavan as the original reporter of\nCVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous version.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.\n", "modified": "2017-09-08T12:20:25", "published": "2015-08-24T04:00:00", "id": "RHSA-2015:1664", "href": "https://access.redhat.com/errata/RHSA-2015:1664", "type": "redhat", "title": "(RHSA-2015:1664) Moderate: nss security, bug fix, and enhancement update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:09", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1699", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123015", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123015", "title": "Oracle Linux Local Check: ELSA-2015-1699", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1699.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123015\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1699\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1699 - nss-softokn security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1699\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1699.html\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n 
if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.16.2.3~13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.16.2.3~13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.16.2.3~13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.16.2.3~13.el7_1\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:55", "bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-25T00:00:00", "id": "OPENVAS:1361412562310120065", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120065", "title": "Amazon Linux Local Check: alas-2015-596", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2015-596.nasl 6575 2017-07-06 13:42:08Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120065\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-25 11:17:58 +0300 (Fri, 25 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: alas-2015-596\");\n script_tag(name:\"insight\", value:\"A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. 
Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks.\");\n script_tag(name:\"solution\", value:\"Run yum update nss-softokn to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-596.html\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"nss-softokn-debuginfo\", rpm:\"nss-softokn-debuginfo~3.16.2.3~13.37.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.16.2.3~13.37.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.16.2.3~13.37.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.16.2.3~13.37.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.16.2.3~13.37.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": 
{"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:00", "bulletinFamily": "scanner", "description": "Check the version of nss-softokn", "modified": "2019-03-08T00:00:00", "published": "2015-09-02T00:00:00", "id": "OPENVAS:1361412562310882271", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882271", "title": "CentOS Update for nss-softokn CESA-2015:1699 centos7", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss-softokn CESA-2015:1699 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882271\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 07:00:09 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss-softokn CESA-2015:1699 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of nss-softokn\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"nss-softokn on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1699\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-September/021362.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.16.2.3~13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.16.2.3~13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.16.2.3~13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.16.2.3~13.el7_1\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) 
exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:00", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'nss-softokn' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2015-09-02T00:00:00", "id": "OPENVAS:1361412562310871442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871442", "title": "RedHat Update for nss-softokn RHSA-2015:1699-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss-softokn RHSA-2015:1699-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871442\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-02 06:58:22 +0200 (Wed, 02 Sep 2015)\");\n script_cve_id(\"CVE-2015-2730\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for nss-softokn RHSA-2015:1699-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss-softokn'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Watson Ladd as the original reporter of this issue.\n\nAll nss-softokn users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\");\n script_tag(name:\"affected\", value:\"nss-softokn on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1699-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-September/msg00000.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.16.2.3~13.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-debuginfo\", rpm:\"nss-softokn-debuginfo~3.16.2.3~13.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.16.2.3~13.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.16.2.3~13.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.16.2.3~13.el7_1\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss-softokn\", rpm:\"nss-softokn~3.14.3~23.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-debuginfo\", rpm:\"nss-softokn-debuginfo~3.14.3~23.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-devel\", rpm:\"nss-softokn-devel~3.14.3~23.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl\", rpm:\"nss-softokn-freebl~3.14.3~23.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-softokn-freebl-devel\", rpm:\"nss-softokn-freebl-devel~3.14.3~23.el6_7\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:56", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2015-1664", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123021", "title": "Oracle Linux Local Check: ELSA-2015-1664", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1664.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle 
Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123021\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1664\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1664 - nss security, bug fix, and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1664\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1664.html\");\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.19.1~1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.19.1~1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.19.1~1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.19.1~1.el5_11\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:54:00", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in 
nss, the Mozilla Network Security Service library. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2015-2721 \nKarthikeyan Bhargavan discovered that NSS incorrectly handles state\ntransitions for the TLS state machine. A man-in-the-middle attacker\ncould exploit this flaw to skip the ServerKeyExchange message and\nremove the forward-secrecy property.\n\nCVE-2015-2730 \nWatson Ladd discovered that NSS does not properly perform Elliptical\nCurve Cryptography (ECC) multiplication, allowing a remote attacker\nto potentially spoof ECDSA signatures.", "modified": "2017-07-07T00:00:00", "published": "2015-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703336", "id": "OPENVAS:703336", "title": "Debian Security Advisory DSA 3336-1 (nss - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3336.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3336-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703336);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_name(\"Debian Security Advisory DSA 3336-1 (nss - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-08-17 00:00:00 +0200 (Mon, 17 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3336.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"nss on Debian Linux\");\n script_tag(name: \"insight\", value: \"nss is a set of libraries designed\nto support cross-platform development of security-enabled client and server\napplications.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n(wheezy), these problems have been fixed in version 2:3.14.5-1+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.17.2-1.1+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:3.19.1-1.\n\nFor the unstable distribution (sid), these problems have been 
fixed in\nversion 2:3.19.1-1.\n\nWe recommend that you upgrade your nss packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in nss, the Mozilla Network Security Service library. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2015-2721 \nKarthikeyan Bhargavan discovered that NSS incorrectly handles state\ntransitions for the TLS state machine. A man-in-the-middle attacker\ncould exploit this flaw to skip the ServerKeyExchange message and\nremove the forward-secrecy property.\n\nCVE-2015-2730 \nWatson Ladd discovered that NSS does not properly perform Elliptical\nCurve Cryptography (ECC) multiplication, allowing a remote attacker\nto potentially spoof ECDSA signatures.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d:amd64\", ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d:i386\", ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dbg:amd64\", ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dbg:i386\", ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", 
ver:\"2:3.14.5-1+deb7u5\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'nss' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2015-08-25T00:00:00", "id": "OPENVAS:1361412562310871437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871437", "title": "RedHat Update for nss RHSA-2015:1664-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss RHSA-2015:1664-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871437\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-25 08:03:10 +0200 (Tue, 25 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for nss RHSA-2015:1664-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange packet\nduring a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key\nExchange). A remote attacker could use this flaw to bypass the\nforward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Karthikeyan Bhargavan as the original reporter of\nCVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous version.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.\");\n script_tag(name:\"affected\", value:\"nss on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1664-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.19.1~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.19.1~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.19.1~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", 
rpm:\"nss-pkcs11-devel~3.19.1~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.19.1~1.el5_11\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:12", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-07-10T00:00:00", "id": "OPENVAS:1361412562310842277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842277", "title": "Ubuntu Update for nss USN-2672-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for nss USN-2672-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842277\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-10 06:09:40 +0200 (Fri, 10 Jul 2015)\");\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for nss USN-2672-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nss'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Karthikeyan Bhargavan discovered that NSS\nincorrectly handled state transitions for the TLS state machine. If a remote\nattacker were able to perform a man-in-the-middle attack, this flaw could be\nexploited to skip the ServerKeyExchange message and remove the forward-secrecy\nproperty. (CVE-2015-2721)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve\nCryptography (ECC) multiplication. A remote attacker could possibly use\nthis issue to spoof ECDSA signatures. 
(CVE-2015-2730)\n\nAs a security improvement, this update modifies NSS behaviour to reject DH\nkey sizes below 768 bits, preventing a possible downgrade attack.\n\nThis update also refreshes the NSS package to version 3.19.2 which includes\nthe latest CA certificate bundle.\");\n script_tag(name:\"affected\", value:\"nss on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2672-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2672-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.19.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.19.2-0ubuntu0.14.10.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.19.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.19.2-0ubuntu0.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3\", ver:\"3.19.2-0ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:37", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been\ndiscovered in nss, the Mozilla Network Security Service library. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2015-2721\nKarthikeyan Bhargavan discovered that NSS incorrectly handles state\ntransitions for the TLS state machine. A man-in-the-middle attacker\ncould exploit this flaw to skip the ServerKeyExchange message and\nremove the forward-secrecy property.\n\nCVE-2015-2730\nWatson Ladd discovered that NSS does not properly perform Elliptical\nCurve Cryptography (ECC) multiplication, allowing a remote attacker\nto potentially spoof ECDSA signatures.", "modified": "2019-03-18T00:00:00", "published": "2015-08-17T00:00:00", "id": "OPENVAS:1361412562310703336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703336", "title": "Debian Security Advisory DSA 3336-1 (nss - security update)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3336.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3336-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703336\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_name(\"Debian Security Advisory DSA 3336-1 (nss - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-17 00:00:00 +0200 (Mon, 17 Aug 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3336.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"nss on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n(wheezy), these problems have been fixed in version 2:3.14.5-1+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.17.2-1.1+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 
2:3.19.1-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.19.1-1.\n\nWe recommend that you upgrade your nss packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in nss, the Mozilla Network Security Service library. The Common\nVulnerabilities and Exposures project identifies the following problems:\n\nCVE-2015-2721\nKarthikeyan Bhargavan discovered that NSS incorrectly handles state\ntransitions for the TLS state machine. A man-in-the-middle attacker\ncould exploit this flaw to skip the ServerKeyExchange message and\nremove the forward-secrecy property.\n\nCVE-2015-2730\nWatson Ladd discovered that NSS does not properly perform Elliptical\nCurve Cryptography (ECC) multiplication, allowing a remote attacker\nto potentially spoof ECDSA signatures.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libnss3:amd64\", ver:\"2:3.14.5-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3:i386\", ver:\"2:3.14.5-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-1d:amd64\", ver:\"2:3.14.5-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-1d:i386\", ver:\"2:3.14.5-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dbg:amd64\", ver:\"2:3.14.5-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dbg:i386\", ver:\"2:3.14.5-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"2:3.14.5-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"2:3.14.5-1+deb7u5\", 
rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "description": "Check the version of nss", "modified": "2019-03-08T00:00:00", "published": "2015-08-26T00:00:00", "id": "OPENVAS:1361412562310882256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882256", "title": "CentOS Update for nss CESA-2015:1664 centos5", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nss CESA-2015:1664 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882256\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-26 09:18:51 +0200 (Wed, 26 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for nss CESA-2015:1664 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of nss\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\ncross-platform development of security-enabled client and server\napplications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange packet\nduring a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key\nExchange). A remote attacker could use this flaw to bypass the\nforward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this issue.\nUpstream acknowledges Karthikeyan Bhargavan as the original reporter of\nCVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous version.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.\");\n script_tag(name:\"affected\", value:\"nss on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1664\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021343.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.19.1~1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.19.1~1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.19.1~1.el5_11\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.19.1~1.el5_11\", 
rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-03T12:13:07", "bulletinFamily": "scanner", "description": "A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)", "modified": "2019-11-02T00:00:00", "id": "SL_20150901_NSS_SOFTOKN_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85759", "published": "2015-09-03T00:00:00", "title": "Scientific Linux Security Update : nss-softokn on SL6.x, SL7.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85759);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-2730\");\n\n script_name(english:\"Scientific Linux Security Update : nss-softokn on SL6.x, SL7.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1509&L=scientific-linux-errata&F=&S=&P=5841\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71e187f0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"nss-softokn-3.14.3-23.el6_7\")) flag++;\nif 
(rpm_check(release:\"SL6\", reference:\"nss-softokn-debuginfo-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-softokn-devel-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-softokn-freebl-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"nss-softokn-freebl-devel-3.14.3-23.el6_7\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-softokn-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-softokn-debuginfo-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-softokn-devel-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-softokn-freebl-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"nss-softokn-freebl-devel-3.16.2.3-13.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:21:02", "bulletinFamily": "scanner", "description": "Updated nss-softokn packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Watson Ladd as the original reporter of\nthis issue.\n\nAll nss-softokn users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2015-1699.NASL", "href": "https://www.tenable.com/plugins/nessus/85969", "published": "2015-09-17T00:00:00", "title": "RHEL 6 / 7 : nss-softokn (RHSA-2015:1699)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1699. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85969);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-2730\");\n script_xref(name:\"RHSA\", value:\"2015:1699\");\n\n script_name(english:\"RHEL 6 / 7 : nss-softokn (RHSA-2015:1699)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nss-softokn packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Watson Ladd as the original reporter of\nthis issue.\n\nAll nss-softokn users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-2730\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-softokn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-softokn-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1699\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"nss-softokn-3.14.3-23.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-softokn-debuginfo-3.14.3-23.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-softokn-devel-3.14.3-23.el6_7\")) flag++;\n\n if 
(rpm_check(release:\"RHEL6\", reference:\"nss-softokn-freebl-3.14.3-23.el6_7\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"nss-softokn-freebl-devel-3.14.3-23.el6_7\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-softokn-3.16.2.3-13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-softokn-debuginfo-3.16.2.3-13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-softokn-devel-3.16.2.3-13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-softokn-freebl-3.16.2.3-13.el7_1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"nss-softokn-freebl-devel-3.16.2.3-13.el7_1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-softokn / nss-softokn-debuginfo / nss-softokn-devel / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:26:16", "bulletinFamily": "scanner", "description": "Mozilla Network Security Services (NSS) before 3.19.1, as used in\nMozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x\nbefore 38.1, and other products, does not properly perform Elliptical\nCurve Cryptography (ECC) multiplications, which makes it easier for\nremote attackers to spoof ECDSA signatures via unspecified vectors.\n(CVE-2015-2730)", "modified": "2019-11-02T00:00:00", "id": "F5_BIGIP_SOL15955144.NASL", "href": "https://www.tenable.com/plugins/nessus/97671", "published": "2017-03-13T00:00:00", "title": "F5 Networks BIG-IP : Mozilla NSS vulnerability (K15955144)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution 
K15955144.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97671);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-2730\");\n script_bugtraq_id(75541);\n\n script_name(english:\"F5 Networks BIG-IP : Mozilla NSS vulnerability (K15955144)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla Network Security Services (NSS) before 3.19.1, as used in\nMozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x\nbefore 38.1, and other products, does not properly perform Elliptical\nCurve Cryptography (ECC) multiplications, which makes it easier for\nremote attackers to spoof ECDSA signatures via unspecified vectors.\n(CVE-2015-2730)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15955144\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15955144.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15955144\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.1HF1\",\"11.5.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.0.0-11.6.1\",\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0\",\"11.3.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = 
make_list(\"12.1.0\",\"11.6.1HF1\",\"11.5.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:13:58", "bulletinFamily": "scanner", "description": "A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.", "modified": "2019-11-02T00:00:00", "id": "ALA_ALAS-2015-596.NASL", "href": "https://www.tenable.com/plugins/nessus/86074", "published": "2015-09-23T00:00:00", "title": "Amazon Linux AMI : nss-softokn (ALAS-2015-596)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-596.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86074);\n script_version(\"2.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-2730\");\n script_xref(name:\"ALAS\", value:\"2015-596\");\n script_xref(name:\"RHSA\", value:\"2015:1699\");\n\n script_name(english:\"Amazon Linux AMI : nss-softokn (ALAS-2015-596)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature 
Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-596.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update nss-softokn' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-freebl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", 
string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-3.16.2.3-13.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-debuginfo-3.16.2.3-13.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-devel-3.16.2.3-13.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-freebl-3.16.2.3-13.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"nss-softokn-freebl-devel-3.16.2.3-13.37.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-softokn / nss-softokn-debuginfo / nss-softokn-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:14:35", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1699 :\n\nUpdated nss-softokn packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Watson Ladd as the original reporter of\nthis issue.\n\nAll nss-softokn users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-1699.NASL", "href": "https://www.tenable.com/plugins/nessus/85732", "published": "2015-09-02T00:00:00", "title": "Oracle Linux 6 / 7 : nss-softokn (ELSA-2015-1699)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1699 and \n# Oracle Linux Security Advisory ELSA-2015-1699 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85732);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2015-2730\");\n script_xref(name:\"RHSA\", value:\"2015:1699\");\n\n script_name(english:\"Oracle Linux 6 / 7 : nss-softokn (ELSA-2015-1699)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1699 :\n\nUpdated nss-softokn packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Watson Ladd as the original reporter of\nthis issue.\n\nAll nss-softokn users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-September/005378.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-September/005379.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-softokn packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn-freebl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-softokn-freebl-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"nss-softokn-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-softokn-devel-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-softokn-freebl-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"nss-softokn-freebl-devel-3.14.3-23.el6_7\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-softokn-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-softokn-devel-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-softokn-freebl-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"nss-softokn-freebl-devel-3.16.2.3-13.el7_1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-softokn / nss-softokn-devel / nss-softokn-freebl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:18:49", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Pick up upstream freebl patch for (CVE-2015-2730)\n\n - Check for P == Q or P ==-Q before adding P and Q", "modified": "2019-11-02T00:00:00", "id": "ORACLEVM_OVMSA-2015-0118.NASL", "href": 
"https://www.tenable.com/plugins/nessus/85733", "published": "2015-09-02T00:00:00", "title": "OracleVM 3.3 : nss-softokn (OVMSA-2015-0118)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0118.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85733);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:34\");\n\n script_cve_id(\"CVE-2015-2730\");\n script_bugtraq_id(75541);\n\n script_name(english:\"OracleVM 3.3 : nss-softokn (OVMSA-2015-0118)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Pick up upstream freebl patch for (CVE-2015-2730)\n\n - Check for P == Q or P ==-Q before adding P and Q\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2015-September/000366.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?70b29f79\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-softokn / nss-softokn-freebl packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:nss-softokn-freebl\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"nss-softokn-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"nss-softokn-freebl-3.14.3-23.el6_7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-softokn / nss-softokn-freebl\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:15:28", "bulletinFamily": "scanner", "description": "Updated nss-softokn packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. 
Upstream acknowledges Watson Ladd as the original reporter of\nthis issue.\n\nAll nss-softokn users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2015-1699.NASL", "href": "https://www.tenable.com/plugins/nessus/86501", "published": "2015-10-22T00:00:00", "title": "CentOS 6 / 7 : nss-softokn (CESA-2015:1699)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1699 and \n# CentOS Errata and Security Advisory 2015:1699 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86501);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/10/02 15:30:20\");\n\n script_cve_id(\"CVE-2015-2730\");\n script_xref(name:\"RHSA\", value:\"2015:1699\");\n\n script_name(english:\"CentOS 6 / 7 : nss-softokn (CESA-2015:1699)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nss-softokn packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. 
Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Watson Ladd as the original reporter of\nthis issue.\n\nAll nss-softokn users are advised to upgrade to these updated\npackages, which contain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-September/021357.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6569652d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-September/021362.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e62d2f29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-softokn packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-softokn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-softokn-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-softokn-freebl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-softokn-freebl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/01\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x / 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-softokn-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-softokn-devel-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-softokn-freebl-3.14.3-23.el6_7\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"nss-softokn-freebl-devel-3.14.3-23.el6_7\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-softokn-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-softokn-devel-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-softokn-freebl-3.16.2.3-13.el7_1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"nss-softokn-freebl-devel-3.16.2.3-13.el7_1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-softokn / nss-softokn-devel / nss-softokn-freebl / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T03:14:34", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:1664 :\n\nUpdated nss packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity 
impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange\npacket during a handshake involving ECDHE (Elliptic Curve\nDiffie-Hellman key Exchange). A remote attacker could use this flaw to\nbypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Karthikeyan Bhargavan as the original\nreporter of CVE-2015-2721, and Watson Ladd as the original reporter of\nCVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous\nversion.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2015-1664.NASL", "href": "https://www.tenable.com/plugins/nessus/85611", "published": "2015-08-25T00:00:00", "title": "Oracle Linux 5 : nss (ELSA-2015-1664)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1664 and \n# Oracle Linux Security Advisory ELSA-2015-1664 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85611);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/09/27 13:00:36\");\n\n script_cve_id(\"CVE-2015-2721\", 
\"CVE-2015-2730\");\n script_xref(name:\"RHSA\", value:\"2015:1664\");\n\n script_name(english:\"Oracle Linux 5 : nss (ELSA-2015-1664)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1664 :\n\nUpdated nss packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange\npacket during a handshake involving ECDHE (Elliptic Curve\nDiffie-Hellman key Exchange). A remote attacker could use this flaw to\nbypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. 
Upstream acknowledges Karthikeyan Bhargavan as the original\nreporter of CVE-2015-2721, and Watson Ladd as the original reporter of\nCVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous\nversion.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-August/005357.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nss packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"nss-3.19.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-devel-3.19.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-pkcs11-devel-3.19.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"nss-tools-3.19.1-1.el5_11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / 
nss-devel / nss-pkcs11-devel / nss-tools\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:15:28", "bulletinFamily": "scanner", "description": "Updated nss packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange\npacket during a handshake involving ECDHE (Elliptic Curve\nDiffie-Hellman key Exchange). A remote attacker could use this flaw to\nbypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. 
Upstream acknowledges Karthikeyan Bhargavan as the original\nreporter of CVE-2015-2721, and Watson Ladd as the original reporter of\nCVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous\nversion.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.", "modified": "2019-11-02T00:00:00", "id": "CENTOS_RHSA-2015-1664.NASL", "href": "https://www.tenable.com/plugins/nessus/85634", "published": "2015-08-26T00:00:00", "title": "CentOS 5 : nss (CESA-2015:1664)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1664 and \n# CentOS Errata and Security Advisory 2015:1664 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85634);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2019/10/02 15:30:20\");\n\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_xref(name:\"RHSA\", value:\"2015:1664\");\n\n script_name(english:\"CentOS 5 : nss (CESA-2015:1664)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nss packages that fix two security issues, several bugs, and\nadd various enhancements are now available for Red Hat Enterprise\nLinux 5.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport cross-platform development of security-enabled client and\nserver applications.\n\nIt was found that NSS permitted skipping of the ServerKeyExchange\npacket during a handshake involving ECDHE (Elliptic Curve\nDiffie-Hellman key Exchange). A remote attacker could use this flaw to\nbypass the forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)\n\nA flaw was found in the way NSS verified certain ECDSA (Elliptic Curve\nDigital Signature Algorithm) signatures. Under certain conditions, an\nattacker could use this flaw to conduct signature forgery attacks.\n(CVE-2015-2730)\n\nRed Hat would like to thank the Mozilla project for reporting this\nissue. Upstream acknowledges Karthikeyan Bhargavan as the original\nreporter of CVE-2015-2721, and Watson Ladd as the original reporter of\nCVE-2015-2730.\n\nThe nss packages have been upgraded to upstream version 3.19.1, which\nprovides a number of bug fixes and enhancements over the previous\nversion.\n\nAll nss users are advised to upgrade to these updated packages, which\ncorrect these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-August/021343.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?145b118f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nss packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-3.19.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-devel-3.19.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-pkcs11-devel-3.19.1-1.el5_11\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"nss-tools-3.19.1-1.el5_11\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss / nss-devel / nss-pkcs11-devel / nss-tools\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:20:30", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in nss, the Mozilla\nNetwork Security Service library. The Common Vulnerabilities and\nExposures project identifies the following problems :\n\nCVE-2015-2721\n\nKarthikeyan Bhargavan discovered that NSS incorrectly handles state\ntransitions for the TLS state machine. 
A man-in-the-middle attacker\ncould exploit this flaw to skip the ServerKeyExchange message and\nremove the forward-secrecy property.\n\nCVE-2015-2730\n\nWatson Ladd discovered that NSS does not properly perform Elliptical\nCurve Cryptography (ECC) multiplication, allowing a remote attacker to\npotentially spoof ECDSA signatures.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 3.12.8-1+squeeze12.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DLA-315.NASL", "href": "https://www.tenable.com/plugins/nessus/86154", "published": "2015-09-28T00:00:00", "title": "Debian DLA-315-1 : nss security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-315-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86154);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-2721\", \"CVE-2015-2730\");\n script_bugtraq_id(75541);\n\n script_name(english:\"Debian DLA-315-1 : nss security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in nss, the Mozilla\nNetwork Security Service library. 
The Common Vulnerabilities and\nExposures project identifies the following problems :\n\nCVE-2015-2721\n\nKarthikeyan Bhargavan discovered that NSS incorrectly handles state\ntransitions for the TLS state machine. A man-in-the-middle attacker\ncould exploit this flaw to skip the ServerKeyExchange message and\nremove the forward-secrecy property.\n\nCVE-2015-2730\n\nWatson Ladd discovered that NSS does not properly perform Elliptical\nCurve Cryptography (ECC) multiplication, allowing a remote attacker to\npotentially spoof ECDSA signatures.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 3.12.8-1+squeeze12.\n\nWe recommend that you upgrade your nss packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/09/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/nss\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-1d-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-dev\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libnss3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-1d\", reference:\"3.12.8-1+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-1d-dbg\", reference:\"3.12.8-1+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-dev\", reference:\"3.12.8-1+squeeze12\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libnss3-tools\", reference:\"3.12.8-1+squeeze12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "mozilla": [{"lastseen": "2016-09-05T13:37:51", "bulletinFamily": "software", "description": "Mozilla community member Watson Ladd reported that the\nimplementation of Elliptical Curve Cryptography (ECC) multiplication for\nElliptic Curve Digital Signature Algorithm (ECDSA) 
signature validation in\nNetwork Security Services (NSS) did not handle exceptional cases correctly. This\ncould potentially allow for signature forgery. This issue was fixed in NSS\nversion 3.19.1.", "modified": "2015-07-02T00:00:00", "published": "2015-07-02T00:00:00", "id": "MFSA2015-64", "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-64/", "type": "mozilla", "title": "ECDSA signature validation fails to handle some signatures correctly", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:26", "bulletinFamily": "unix", "description": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nAs a security improvement, this update modifies NSS behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.\n\nThis update also refreshes the NSS package to version 3.19.2 which includes the latest CA certificate bundle.", "modified": "2015-07-09T00:00:00", "published": "2015-07-09T00:00:00", "id": "USN-2672-1", "href": "https://usn.ubuntu.com/2672-1/", "title": "NSS vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T17:22:54", "bulletinFamily": "unix", "description": "Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. 
If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. 
(CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. (CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. 
(CVE-2015-4000)", "modified": "2015-07-09T00:00:00", "published": "2015-07-09T00:00:00", "id": "USN-2656-1", "href": "https://usn.ubuntu.com/2656-1/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T19:22:20", "bulletinFamily": "unix", "description": "USN-2656-1 fixed vulnerabilities in Firefox for Ubuntu 14.04 LTS and later releases.\n\nThis update provides the corresponding update for Ubuntu 12.04 LTS.\n\nOriginal advisory details:\n\nKarthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. (CVE-2015-2721)\n\nLooben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2722, CVE-2015-2733)\n\nBob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Tooru Fujisawa, Andrew Sutherland, and Gary Kwong discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2726)\n\nArmin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. 
If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-2727)\n\nPaul Bandha discovered a type confusion bug in the Indexed DB Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2728)\n\nHolger Fuhrmannek discovered an out-of-bounds read in Web Audio. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-2729)\n\nWatson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. (CVE-2015-2730)\n\nA use-after-free was discovered when a Content Policy modifies the DOM to remove a DOM object. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2731)\n\nRonald Crane discovered multiple security vulnerabilities. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)\n\nDavid Keeler discovered that key pinning checks can be skipped when an overridable certificate error occurs. This allows a user to manually override an error for a fake certificate, but cannot be exploited on its own. 
(CVE-2015-2741)\n\nJonas Jenwald discovered that some internal workers were incorrectly executed with a high privilege. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another security vulnerability, to execute arbitrary code in a privileged scope. (CVE-2015-2743)\n\nMatthew Green discovered a DHE key processing issue in NSS where a MITM could force a server to downgrade TLS connections to 512-bit export-grade cryptography. An attacker could potentially exploit this to impersonate the server. (CVE-2015-4000)", "modified": "2015-07-15T00:00:00", "published": "2015-07-15T00:00:00", "id": "USN-2656-2", "href": "https://usn.ubuntu.com/2656-2/", "title": "Firefox vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:22:27", "bulletinFamily": "unix", "description": "Package : nss\nVersion : 3.12.8-1+squeeze12\nCVE ID : CVE-2015-2721 CVE-2015-2730\n\nSeveral vulnerabilities have been discovered in nss, the Mozilla Network\nSecurity Service library. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2015-2721\n\n Karthikeyan Bhargavan discovered that NSS incorrectly handles state\n transitions for the TLS state machine. 
A man-in-the-middle attacker\n could exploit this flaw to skip the ServerKeyExchange message and\n remove the forward-secrecy property.\n\nCVE-2015-2730\n\n Watson Ladd discovered that NSS does not properly perform Elliptical\n Curve Cryptography (ECC) multiplication, allowing a remote attacker\n to potentially spoof ECDSA signatures.\n\nFor the oldoldstable distribution (squeeze), these problems have been fixed\nin version 3.12.8-1+squeeze12.\n\nWe recommend that you upgrade your nss packages.\n", "modified": "2015-09-27T11:36:49", "published": "2015-09-27T11:36:49", "id": "DEBIAN:DLA-315-1:C6985", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201509/msg00010.html", "title": "[SECURITY] [DLA 315-1] nss security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-30T02:22:59", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3336-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : nss\nCVE ID : CVE-2015-2721 CVE-2015-2730\n\nSeveral vulnerabilities have been discovered in nss, the Mozilla Network\nSecurity Service library. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2015-2721\n\n Karthikeyan Bhargavan discovered that NSS incorrectly handles state\n transitions for the TLS state machine. 
A man-in-the-middle attacker\n could exploit this flaw to skip the ServerKeyExchange message and\n remove the forward-secrecy property.\n\nCVE-2015-2730\n\n Watson Ladd discovered that NSS does not properly perform Elliptical\n Curve Cryptography (ECC) multiplication, allowing a remote attacker\n to potentially spoof ECDSA signatures.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.14.5-1+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.17.2-1.1+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed\nin version 2:3.19.1-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.19.1-1.\n\nWe recommend that you upgrade your nss packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2015-08-17T19:13:26", "published": "2015-08-17T19:13:26", "id": "DEBIAN:DSA-3336-1:F9DC2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00234.html", "title": "[SECURITY] [DSA 3336-1] nss security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:03:49", "bulletinFamily": "unix", "description": "MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17\n security issues.\n\n For more details please check the changelogs.\n\n These security issues were fixed:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while 
using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/\n CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n This non-security issue was fixed:\n - bsc#908275: Firefox did not print in landscape orientation.\n\n", "modified": "2015-07-20T12:09:44", "published": "2015-07-20T12:09:44", "id": "SUSE-SU-2015:1268-2", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00035.html", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:21", "bulletinFamily": "unix", "description": "MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17\n security issues.\n\n For more details please check the changelogs.\n\n These security issues were fixed:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/\n CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of 
ServerKeyExchange\n (bsc#935979).\n\n This non-security issue was fixed:\n - bsc#908275: Firefox did not print in landscape orientation.\n\n", "modified": "2015-07-20T11:08:17", "published": "2015-07-20T11:08:17", "id": "SUSE-SU-2015:1268-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:23:40", "bulletinFamily": "unix", "description": "MozillaFirefox, mozilla-nspr and mozilla-nss were updated to fix 17\n security issues.\n\n For more details please check the changelogs.\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/\n CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n", "modified": "2015-07-20T12:08:39", "published": "2015-07-20T12:08:39", "id": "SUSE-SU-2015:1269-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html", "type": "suse", "title": "Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:39", "bulletinFamily": 
"unix", "description": "MozillaFirefox was updated to version 39.0 to fix 21 security issues.\n\n These security issues were fixed:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2727: Local files or privileged URLs in pages can be opened\n into new tabs (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2729: Out-of-bound read while computing an oscillator rendering\n range in Web Audio (bsc#935979).\n - CVE-2015-2731: Use-after-free in Content Policy due to microtask\n execution error (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2\n 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2741: Key pinning is ignored when overridable errors are\n encountered (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935979).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n New features:\n - Share Hello URLs with social networks\n - Support for 'switch' role in ARIA 1.1 (web accessibility)\n - SafeBrowsing malware detection lookups enabled for downloads (Mac OS X\n and Linux)\n - Support for new Unicode 8.0 skin tone emoji\n - Removed support for insecure SSLv3 for network communications\n - Disable use of RC4 except for temporarily whitelisted hosts\n - NPAPI Plug-in performance improved via asynchronous initialization\n\n mozilla-nss was updated to version 3.19.2 to fix some of the security\n issues listed above.\n\n", "modified": "2015-07-13T11:07:56", "published": "2015-07-13T11:07:56", "id": 
"OPENSUSE-SU-2015:1229-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:48", "bulletinFamily": "unix", "description": "Mozilla Firefox is being updated to the current Firefox 38ESR branch\n (specifically the 38.2.0ESR release).\n\n Security issues fixed:\n - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file\n stealing via PDF reader\n - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety\n hazards (rv:40.0 / rv:38.2)\n - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file\n - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable\n JavaScript object properties\n - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright\n - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in\n JavaScript\n - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling\n bitmap images\n - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx\n when decoding WebM video\n - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:\n Vulnerabilities found through code inspection\n - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with\n shared workers\n\n The following vulnerabilities were fixed in ESR31 and are also included\n here:\n - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety\n hazards (bsc#935979).\n - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).\n - CVE-2015-2730: ECDSA signature validation fails to handle some\n signatures correctly (bsc#935979).\n - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using\n XMLHttpRequest (bsc#935979).\n -\n CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2\n 
015-2739/CVE-2015-2740: Vulnerabilities found through code inspection\n (bsc#935979).\n - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).\n - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE\n cipher suites (bsc#935033).\n - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange\n (bsc#935979).\n\n This update also contains a lot of feature improvements and bug fixes from\n 31ESR to 38ESR.\n\n Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which\n is what Firefox 38ESR uses.\n\n Mozilla Firefox and mozilla-nss were updated to fix 17 security issues.\n\n", "modified": "2015-08-28T16:10:19", "published": "2015-08-28T16:10:19", "id": "SUSE-SU-2015:1449-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", "title": "Security update for MozillaFirefox, mozilla-nss (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:23", "bulletinFamily": "unix", "description": "Combined Mozilla update:\n - Update Firefox to 31.8.0\n - Update Thunderbird to 31.8.0\n - Update mozilla-nspr to 4.10.6\n - Update mozilla-nss to 3.19.2 to fix several security issues.\n\n", "modified": "2015-07-18T19:07:56", "published": "2015-07-18T19:07:56", "id": "OPENSUSE-SU-2015:1266-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", "type": "suse", "title": "Mozilla (Firefox/Thunderbird) updates to 31.8.0 (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:35", "bulletinFamily": "info", "description": "### *Detect date*:\n07/02/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Mozilla products. 
Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nMozilla Firefox versions earlier than 39 \nMozilla Firefox ESR versions earlier than 31.8 \nMozilla Firefox ESR versions earlier than 38.1 \nMozilla Thunderbird versions earlier than 38.1\n\n### *Solution*:\nUpdate to the latest version \n[Get Mozilla Thunderbird](<https://www.mozilla.org/en-US/thunderbird/>) \n[Get Mozilla Firefox ESR](<https://www.mozilla.org/en-US/firefox/organizations/faq/>) \n[Get Mozilla Firefox](<https://www.mozilla.org/en-US/firefox/new/>)\n\n### *Original advisories*:\n[Mozilla Foundation security Advisories](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla Firefox](<https://threats.kaspersky.com/en/product/Mozilla-Firefox/>)\n\n### *CVE-IDS*:\n[CVE-2015-2731](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731>)10.0Critical \n[CVE-2015-2734](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734>)10.0Critical \n[CVE-2015-2742](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2742>)4.3Critical \n[CVE-2015-2739](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739>)10.0Critical \n[CVE-2015-2738](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738>)10.0Critical \n[CVE-2015-2735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735>)9.3Critical \n[CVE-2015-2743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743>)7.5Critical \n[CVE-2015-2721](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721>)4.3Critical \n[CVE-2015-2730](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730>)4.3Critical \n[CVE-2015-2740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740>)10.0Critical \n[CVE-2015-2741](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2741>)4.3Critical 
\n[CVE-2015-2728](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728>)7.5Critical \n[CVE-2015-2727](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2727>)6.8Critical \n[CVE-2015-2725](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2725>)10.0Critical \n[CVE-2015-2726](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2726>)10.0Critical \n[CVE-2015-2733](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2733>)10.0Critical \n[CVE-2015-2724](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724>)10.0Critical \n[CVE-2015-2729](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2729>)5.0Critical \n[CVE-2015-2722](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2722>)10.0Critical \n[CVE-2015-2737](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737>)10.0Critical \n[CVE-2015-2736](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736>)9.3Critical", "modified": "2019-03-07T00:00:00", "published": "2015-07-02T00:00:00", "id": "KLA10622", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10622", "title": "\r KLA10622Multiple vulnerabilities in Mozilla products ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:09", "bulletinFamily": "unix", "description": "\nThe Mozilla Project reports:\n\nMFSA 2015-59 Miscellaneous memory safety hazards (rv:39.0\n\t / rv:31.8 / rv:38.1)\nMFSA 2015-60 Local files or privileged URLs in pages can\n\t be opened into new tabs\nMFSA 2015-61 Type confusion in Indexed Database\n\t Manager\nMFSA 2015-62 Out-of-bound read while computing an\n\t oscillator rendering range in Web Audio\nMFSA 2015-63 Use-after-free in Content Policy due to\n\t microtask execution error\nMFSA 2015-64 ECDSA signature validation fails to handle\n\t some signatures correctly\nMFSA 2015-65 Use-after-free in workers while using\n\t XMLHttpRequest\nMFSA 2015-66 
Vulnerabilities found through code\n\t inspection\nMFSA 2015-67 Key pinning is ignored when overridable\n\t errors are encountered\nMFSA 2015-68 OS X crash reports may contain entered key\n\t press information\nMFSA 2015-69 Privilege escalation through internal\n\t workers\nMFSA 2015-70 NSS accepts export-length DHE keys with\n\t regular DHE cipher suites\nMFSA 2015-71 NSS incorrectly permits skipping of\n\t ServerKeyExchange\n\n", "modified": "2015-09-22T00:00:00", "published": "2015-07-02T00:00:00", "id": "44D9DAEE-940C-4179-86BB-6E3FFD617869", "href": "https://vuxml.freebsd.org/freebsd/44d9daee-940c-4179-86bb-6e3ffd617869.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "description": "Multiple NSS cryptography vulnerabilities, memory corruptions, restriction bypasses, information disclosure, privilege escalation.", "modified": "2015-07-13T00:00:00", "published": "2015-07-13T00:00:00", "id": "SECURITYVULNS:VULN:14573", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14573", "title": "Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:17", "bulletinFamily": "unix", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-38.5.0\"\n \n\nAll Firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-38.5.0\"\n \n\nAll Thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-38.5.0\"\n \n\nAll Thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-bin-38.5.0\"", "modified": "2015-12-31T00:00:00", "published": "2015-12-30T00:00:00", "id": "GLSA-201512-10", "href": "https://security.gentoo.org/glsa/201512-10", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}