{"cve": [{"lastseen": "2018-10-04T11:17:15", "bulletinFamily": "NVD", "description": "Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.", "modified": "2018-10-03T18:00:39", "published": "2009-08-03T10:30:00", "id": "CVE-2009-2404", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2404", "title": "CVE-2009-2404", "type": "cve", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-11T11:33:53", "bulletinFamily": "NVD", "description": "The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. 
NOTE: the scope of this issue is currently limited because the amount of computation required is still large.", "modified": "2018-10-10T15:40:05", "published": "2009-07-30T15:30:00", "id": "CVE-2009-2409", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2409", "title": "CVE-2009-2409", "type": "cve", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-04T11:17:15", "bulletinFamily": "NVD", "description": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.", "modified": "2018-10-03T18:00:43", "published": "2009-07-30T15:30:00", "id": "CVE-2009-2408", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2408", "title": "CVE-2009-2408", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:17:12", "bulletinFamily": "scanner", "description": "CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2404 nss regexp heap overflow\n\nThe packages with this update are identical to the packages released on the 20th of July 2009. They are being reissued as a Security Advisory as they fixed a number of security issues that were made public today. If you are installing these packages for the first time, they also provide a number of bug fixes and add an enhancement. 
Since the packages are identical, there is no need to install this update if the nspr/nss packages from July 20, 2009 have already been installed.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. 
If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)", "modified": "2019-01-02T00:00:00", "id": "SL_20090731_NSPR_AND_NSS_FOR_SL_5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60632", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : nspr and nss for SL 5.x on i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60632);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 10:36:42\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n\n script_name(english:\"Scientific Linux Security Update : nspr and nss for SL 5.x on i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)\nCVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly\nCVE-2009-2404 nss regexp heap overflow\n\nThe packages with this update are identical to the packages released\non the 20th of July 2009. 
They are being reissued as a Security\nAdvisory as they fixed a number of security issues that were made\npublic today. If you are installing these packages for the first time,\nthey also provide a number of bug fixes and add an enhancement. Since\nthe packages are identical, there is no need to install this update if\nthe nspr/nss packages from July 20, 2009 have already been installed.\n\nNetscape Portable Runtime (NSPR) provides platform independence for\nnon-GUI operating system facilities. These facilities include threads,\nthread synchronization, normal file and network I/O, interval timing,\ncalendar time, basic memory management (malloc and free), and shared\nlibrary linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. Applications built with NSS can support SSLv2,\nSSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2,\nto a prerelease of version 3.12.4. The version of NSPR has also been\nupgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular\nexpression parser in the NSS library used by browsers such as Mozilla\nFirefox to match common names in certificates. 
A malicious website\ncould present a carefully-crafted certificate in such a way as to\ntrigger the heap overflow, leading to a crash or, possibly, arbitrary\ncode execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction\nin Firefox, the carefully-crafted certificate would need to be signed\nby a Certificate Authority trusted by Firefox, otherwise Firefox\npresents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take\nplace.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox\nhandle NULL characters in a certificate. If an attacker is able to get\na carefully-crafted certificate signed by a Certificate Authority\ntrusted by Firefox, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse Firefox into\naccepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2\nhash signatures, even though MD2 is no longer considered a\ncryptographically strong algorithm. This could make it easier for an\nattacker to create a malicious certificate that would be treated as\ntrusted by a browser. NSS now disables the use of MD2 and MD4\nalgorithms inside signatures by default. 
(CVE-2009-2409)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=3323\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a920d6cb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"nspr-4.7.4-1.el5_3.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nspr-devel-4.7.4-1.el5_3.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-3.12.3.99.3-1.el5_3.2\")) flag++;\nif 
(rpm_check(release:\"SL5\", reference:\"nss-devel-3.12.3.99.3-1.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-pkcs11-devel-3.12.3.99.3-1.el5_3.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"nss-tools-3.12.3.99.3-1.el5_3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:14", "bulletinFamily": "scanner", "description": "Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site.\n(CVE-2009-2409).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-810-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40490", "published": "2009-08-05T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-810-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40490);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_bugtraq_id(35888, 35891);\n script_xref(name:\"USN\", value:\"810-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : nss vulnerabilities (USN-810-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Moxie Marlinspike discovered that NSS did not properly handle regular\nexpressions in certificate names. A remote attacker could create a\nspecially crafted certificate to cause a denial of service (via\napplication crash) or execute arbitrary code as the user invoking the\nprogram. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS\ndid not properly handle certificates with NULL characters in the\ncertificate name. An attacker could exploit this to perform a man in\nthe middle attack to view sensitive information or alter encrypted\ncommunications. 
(CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2\nhash signatures. As a result, an attacker could potentially create a\nmalicious trusted certificate to impersonate another site.\n(CVE-2009-2409).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/810-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3-0d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3-1d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3-1d-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2009/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2018 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnss3-0d\", pkgver:\"3.12.3.1-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnss3-1d\", pkgver:\"3.12.3.1-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnss3-1d-dbg\", pkgver:\"3.12.3.1-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnss3-dev\", pkgver:\"3.12.3.1-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnss3-tools\", pkgver:\"3.12.3.1-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnss3-0d\", pkgver:\"3.12.3.1-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnss3-1d\", pkgver:\"3.12.3.1-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", 
pkgname:\"libnss3-1d-dbg\", pkgver:\"3.12.3.1-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnss3-dev\", pkgver:\"3.12.3.1-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnss3-tools\", pkgver:\"3.12.3.1-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnss3-0d\", pkgver:\"3.12.3.1-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnss3-1d\", pkgver:\"3.12.3.1-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnss3-1d-dbg\", pkgver:\"3.12.3.1-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnss3-dev\", pkgver:\"3.12.3.1-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnss3-tools\", pkgver:\"3.12.3.1-0ubuntu0.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libnss3-0d / libnss3-1d / libnss3-1d-dbg / libnss3-dev / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:14", "bulletinFamily": "scanner", "description": "Updated nspr and nss packages that fix security issues and a bug are now available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. 
These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. 
This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)\n\nThese version upgrades also provide a fix for the following bug :\n\n* SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. On the client side, the user agent received an error message that referenced 'Error Code: -12271' and stated that establishing an encrypted connection had failed because the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the following message :\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error :\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this failure has been resolved so that SSL client authentication with an Apache web server using mod_nss which is configured for NSSOCSP succeeds as expected. Note that if the presented client certificate is expired, then access is denied, the user agent is presented with an error message about the invalid certificate, and the OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for SSL server certificates used in Apache upon instance start or restart. 
(BZ#508027)\n\nAll users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2009-1184.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40439", "published": "2009-07-31T00:00:00", "title": "RHEL 4 : nspr and nss (RHSA-2009:1184)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1184. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40439);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_xref(name:\"RHSA\", value:\"2009:1184\");\n\n script_name(english:\"RHEL 4 : nspr and nss (RHSA-2009:1184)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nspr and nss packages that fix security issues and a bug are\nnow available for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nNetscape Portable Runtime (NSPR) provides platform independence for\nnon-GUI operating system facilities. These facilities include threads,\nthread synchronization, normal file and network I/O, interval timing,\ncalendar time, basic memory management (malloc and free), and shared\nlibrary linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. 
Applications built with NSS can support SSLv2,\nSSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2,\nto a prerelease of version 3.12.4. The version of NSPR has also been\nupgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular\nexpression parser in the NSS library used by browsers such as Mozilla\nFirefox to match common names in certificates. A malicious website\ncould present a carefully-crafted certificate in such a way as to\ntrigger the heap overflow, leading to a crash or, possibly, arbitrary\ncode execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction\nin Firefox, the carefully-crafted certificate would need to be signed\nby a Certificate Authority trusted by Firefox, otherwise Firefox\npresents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take\nplace.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox\nhandle NULL characters in a certificate. If an attacker is able to get\na carefully-crafted certificate signed by a Certificate Authority\ntrusted by Firefox, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse Firefox into\naccepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2\nhash signatures, even though MD2 is no longer considered a\ncryptographically strong algorithm. This could make it easier for an\nattacker to create a malicious certificate that would be treated as\ntrusted by a browser. NSS now disables the use of MD2 and MD4\nalgorithms inside signatures by default. 
(CVE-2009-2409)\n\nThese version upgrades also provide a fix for the following bug :\n\n* SSL client authentication failed against an Apache server when it\nwas using the mod_nss module and configured for NSSOCSP. On the client\nside, the user agent received an error message that referenced 'Error\nCode: -12271' and stated that establishing an encrypted connection had\nfailed because the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained\nthe following message :\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error :\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP\nsucceeds as expected. Note that if the presented client certificate is\nexpired, then access is denied, the user agent is presented with an\nerror message about the invalid certificate, and the OCSP queries are\nseen in the OCSP responder. Also, similar OCSP status verification\nhappens for SSL server certificates used in Apache upon instance start\nor restart. 
(BZ#508027)\n\nAll users of nspr and nss are advised to upgrade to these updated\npackages, which resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1184\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1184\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"nspr-4.7.4-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"nspr-devel-4.7.4-1.el4_8.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"nss-3.12.3.99.3-1.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", 
reference:\"nss-devel-3.12.3.99.3-1.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"nss-tools-3.12.3.99.3-1.el4_8.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nspr / nspr-devel / nss / nss-devel / nss-tools\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:12", "bulletinFamily": "scanner", "description": "CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2404 nss regexp heap overflow\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. 
A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)\n\nThese version upgrades also provide a fix for the following bug :\n\n - SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. 
On the client side, the user agent received an error message that referenced 'Error Code: -12271' and stated that establishing an encrypted connection had failed because the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the following message :\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error :\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this failure has been resolved so that SSL client authentication with an Apache web server using mod_nss which is configured for NSSOCSP succeeds as expected. Note that if the presented client certificate is expired, then access is denied, the user agent is presented with an error message about the invalid certificate, and the OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for SSL server certificates used in Apache upon instance start or restart. 
(BZ#508027)", "modified": "2019-01-02T00:00:00", "id": "SL_20090731_NSPR_AND_NSS_FOR_SL_4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60631", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : nspr and nss for SL 4.x on i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60631);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/02 10:36:42\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n\n script_name(english:\"Scientific Linux Security Update : nspr and nss for SL 4.x on i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)\nCVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly\nCVE-2009-2404 nss regexp heap overflow\n\nNetscape Portable Runtime (NSPR) provides platform independence for\nnon-GUI operating system facilities. These facilities include threads,\nthread synchronization, normal file and network I/O, interval timing,\ncalendar time, basic memory management (malloc and free), and shared\nlibrary linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. Applications built with NSS can support SSLv2,\nSSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2,\nto a prerelease of version 3.12.4. 
The version of NSPR has also been\nupgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular\nexpression parser in the NSS library used by browsers such as Mozilla\nFirefox to match common names in certificates. A malicious website\ncould present a carefully-crafted certificate in such a way as to\ntrigger the heap overflow, leading to a crash or, possibly, arbitrary\ncode execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction\nin Firefox, the carefully-crafted certificate would need to be signed\nby a Certificate Authority trusted by Firefox, otherwise Firefox\npresents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take\nplace.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox\nhandle NULL characters in a certificate. If an attacker is able to get\na carefully-crafted certificate signed by a Certificate Authority\ntrusted by Firefox, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse Firefox into\naccepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2\nhash signatures, even though MD2 is no longer considered a\ncryptographically strong algorithm. This could make it easier for an\nattacker to create a malicious certificate that would be treated as\ntrusted by a browser. NSS now disables the use of MD2 and MD4\nalgorithms inside signatures by default. (CVE-2009-2409)\n\nThese version upgrades also provide a fix for the following bug :\n\n - SSL client authentication failed against an Apache\n server when it was using the mod_nss module and\n configured for NSSOCSP. 
On the client side, the user\n agent received an error message that referenced 'Error\n Code: -12271' and stated that establishing an encrypted\n connection had failed because the certificate had been\n rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained\nthe following message :\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error :\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP\nsucceeds as expected. Note that if the presented client certificate is\nexpired, then access is denied, the user agent is presented with an\nerror message about the invalid certificate, and the OCSP queries are\nseen in the OCSP responder. Also, similar OCSP status verification\nhappens for SSL server certificates used in Apache upon instance start\nor restart. 
(BZ#508027)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=508027\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0907&L=scientific-linux-errata&T=0&P=3189\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?577411ae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"nspr-4.7.4-1.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nspr-devel-4.7.4-1.el4_8.1\")) 
flag++;\nif (rpm_check(release:\"SL4\", reference:\"nss-3.12.3.99.3-1.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nss-devel-3.12.3.99.3-1.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"nss-tools-3.12.3.99.3-1.el4_8.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:13:05", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code.\n\n - CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate.\n\n - CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptographically secure.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1874.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=44739", "published": "2010-02-24T00:00:00", "title": "Debian DSA-1874-1 : nss - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1874. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44739);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/10 11:49:34\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_bugtraq_id(35888, 35891);\n script_xref(name:\"DSA\", value:\"1874\");\n\n script_name(english:\"Debian DSA-1874-1 : nss - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Network Security\nService libraries. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2009-2404\n Moxie Marlinspike discovered that a buffer overflow in\n the regular expression parser could lead to the\n execution of arbitrary code.\n\n - CVE-2009-2408\n Dan Kaminsky discovered that NULL characters in\n certificate names could lead to man-in-the-middle\n attacks by tricking the user into accepting a rogue\n certificate.\n\n - CVE-2009-2409\n Certificates with MD2 hash signatures are no longer\n accepted since they're no longer considered\n cryptographically secure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-2409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1874\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the nss packages.\n\nThe old 
stable distribution (etch) doesn't contain nss.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.12.3.1-0lenny1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libnss3-1d\", reference:\"3.12.3.1-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libnss3-1d-dbg\", reference:\"3.12.3.1-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libnss3-dev\", reference:\"3.12.3.1-0lenny1\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libnss3-tools\", reference:\"3.12.3.1-0lenny1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:18:39", "bulletinFamily": "scanner", "description": "USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. This reduced the effectiveness of some defensive security protections. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nMoxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. 
(CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.\n(CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-810-3.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=65117", "published": "2013-03-09T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-810-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65117);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_xref(name:\"USN\", value:\"810-3\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : nss regression (USN-810-3)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that\nthe new libraries on amd64 did not correctly set stack memory flags,\nand caused applications using NSS (e.g. Firefox) to have an executable\nstack. This reduced the effectiveness of some defensive security\nprotections. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nMoxie Marlinspike discovered that NSS did not properly handle regular\nexpressions in certificate names. A remote attacker could create a\nspecially crafted certificate to cause a denial of service (via\napplication crash) or execute arbitrary code as the user invoking the\nprogram. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered\nthat NSS did not properly handle certificates with NULL\ncharacters in the certificate name. An attacker could\nexploit this to perform a man in the middle attack to view\nsensitive information or alter encrypted communications.\n(CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates\nwith MD2 hash signatures. As a result, an attacker could\npotentially create a malicious trusted certificate to\nimpersonate another site. 
(CVE-2009-2409).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/810-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libnss3-1d package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnss3-1d\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2018 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnss3-1d\", pkgver:\"3.12.3.1-0ubuntu0.8.04.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnss3-1d\", pkgver:\"3.12.3.1-0ubuntu0.8.10.2\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnss3-1d\", pkgver:\"3.12.3.1-0ubuntu0.9.04.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libnss3-1d\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:18:15", "bulletinFamily": "scanner", "description": "Updated nspr and nss packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4.7 Extended Update Support.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. 
Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)\n\nThese version upgrades also provide fixes for the following bugs :\n\n* SSL client authentication failed against an Apache server when it was using the mod_nss module and configured for NSSOCSP. 
On the client side, the user agent received an error message that referenced 'Error Code: -12271' and stated that establishing an encrypted connection had failed because the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the following message :\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error :\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this failure has been resolved so that SSL client authentication with an Apache web server using mod_nss which is configured for NSSOCSP succeeds as expected. Note that if the presented client certificate is expired, then access is denied, the user agent is presented with an error message about the invalid certificate, and the OCSP queries are seen in the OCSP responder. Also, similar OCSP status verification happens for SSL server certificates used in Apache upon instance start or restart. (BZ#508026)\n\n* NSS uses a software integrity test to detect code corruption. RPM transactions and system link optimization daemons (such as prelink) can change the contents of libraries, causing the software integrity test to fail. In combination with the updated prelink package (RHBA-2009:1041), these updated packages can now prevent software integrity test failures. 
(BZ#495938)\n\nAll users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues.", "modified": "2019-01-02T00:00:00", "id": "REDHAT-RHSA-2009-1190.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63888", "published": "2013-01-24T00:00:00", "title": "RHEL 4 : nspr and nss (RHSA-2009:1190)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1190. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63888);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_bugtraq_id(35888, 35891);\n script_xref(name:\"RHSA\", value:\"2009:1190\");\n\n script_name(english:\"RHEL 4 : nspr and nss (RHSA-2009:1190)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nspr and nss packages that fix security issues and bugs are\nnow available for Red Hat Enterprise Linux 4.7 Extended Update\nSupport.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nNetscape Portable Runtime (NSPR) provides platform independence for\nnon-GUI operating system facilities. 
These facilities include threads,\nthread synchronization, normal file and network I/O, interval timing,\ncalendar time, basic memory management (malloc and free), and shared\nlibrary linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. Applications built with NSS can support SSLv2,\nSSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2,\nto a prerelease of version 3.12.4. The version of NSPR has also been\nupgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular\nexpression parser in the NSS library used by browsers such as Mozilla\nFirefox to match common names in certificates. A malicious website\ncould present a carefully-crafted certificate in such a way as to\ntrigger the heap overflow, leading to a crash or, possibly, arbitrary\ncode execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction\nin Firefox, the carefully-crafted certificate would need to be signed\nby a Certificate Authority trusted by Firefox, otherwise Firefox\npresents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take\nplace.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox\nhandle NULL characters in a certificate. If an attacker is able to get\na carefully-crafted certificate signed by a Certificate Authority\ntrusted by Firefox, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse Firefox into\naccepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2\nhash signatures, even though MD2 is no longer considered a\ncryptographically strong algorithm. 
This could make it easier for an\nattacker to create a malicious certificate that would be treated as\ntrusted by a browser. NSS now disables the use of MD2 and MD4\nalgorithms inside signatures by default. (CVE-2009-2409)\n\nThese version upgrades also provide fixes for the following bugs :\n\n* SSL client authentication failed against an Apache server when it\nwas using the mod_nss module and configured for NSSOCSP. On the client\nside, the user agent received an error message that referenced 'Error\nCode: -12271' and stated that establishing an encrypted connection had\nfailed because the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained\nthe following message :\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error :\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP\nsucceeds as expected. Note that if the presented client certificate is\nexpired, then access is denied, the user agent is presented with an\nerror message about the invalid certificate, and the OCSP queries are\nseen in the OCSP responder. Also, similar OCSP status verification\nhappens for SSL server certificates used in Apache upon instance start\nor restart. (BZ#508026)\n\n* NSS uses a software integrity test to detect code corruption. RPM\ntransactions and system link optimization daemons (such as prelink)\ncan change the contents of libraries, causing the software integrity\ntest to fail. In combination with the updated prelink package\n(RHBA-2009:1041), these updated packages can now prevent software\nintegrity test failures. 
(BZ#495938)\n\nAll users of nspr and nss are advised to upgrade to these updated\npackages, which resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2404.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2408.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2409.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2009-1190.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"nspr-4.7.4-1.el4_7.1\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"nspr-devel-4.7.4-1.el4_7.1\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"nss-3.12.3.99.3-1.el4_7.6\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"7\", reference:\"nss-devel-3.12.3.99.3-1.el4_7.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:14", "bulletinFamily": "scanner", "description": "Updated nspr and nss packages that fix security issues, bugs, and add an enhancement are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe packages with this update are identical to the packages released by RHBA-2009:1161 on the 20th of July 2009. 
They are being reissued as a Red Hat Security Advisory as they fixed a number of security issues that were made public today. If you are installing these packages for the first time, they also provide a number of bug fixes and add an enhancement, as detailed in RHBA-2009:1161. Since the packages are identical, there is no need to install this update if RHBA-2009:1161 has already been installed.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. 
A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues and add an enhancement.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2009-1186.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40441", "published": "2009-07-31T00:00:00", "title": "RHEL 5 : nspr and nss (RHSA-2009:1186)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1186. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40441);\n script_version (\"1.23\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_xref(name:\"RHSA\", value:\"2009:1186\");\n\n script_name(english:\"RHEL 5 : nspr and nss (RHSA-2009:1186)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nspr and nss packages that fix security issues, bugs, and add\nan enhancement are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe packages with this update are identical to the packages released\nby RHBA-2009:1161 on the 20th of July 2009. They are being reissued as\na Red Hat Security Advisory as they fixed a number of security issues\nthat were made public today. If you are installing these packages for\nthe first time, they also provide a number of bug fixes and add an\nenhancement, as detailed in RHBA-2009:1161. Since the packages are\nidentical, there is no need to install this update if RHBA-2009:1161\nhas already been installed.\n\nNetscape Portable Runtime (NSPR) provides platform independence for\nnon-GUI operating system facilities. These facilities include threads,\nthread synchronization, normal file and network I/O, interval timing,\ncalendar time, basic memory management (malloc and free), and shared\nlibrary linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. 
Applications built with NSS can support SSLv2,\nSSLv3, TLS, and other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2,\nto a prerelease of version 3.12.4. The version of NSPR has also been\nupgraded from 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular\nexpression parser in the NSS library used by browsers such as Mozilla\nFirefox to match common names in certificates. A malicious website\ncould present a carefully-crafted certificate in such a way as to\ntrigger the heap overflow, leading to a crash or, possibly, arbitrary\ncode execution with the permissions of the user running the browser.\n(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction\nin Firefox, the carefully-crafted certificate would need to be signed\nby a Certificate Authority trusted by Firefox, otherwise Firefox\npresents the victim with a warning that the certificate is untrusted.\nOnly if the user then accepts the certificate will the overflow take\nplace.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox\nhandle NULL characters in a certificate. If an attacker is able to get\na carefully-crafted certificate signed by a Certificate Authority\ntrusted by Firefox, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse Firefox into\naccepting it by mistake. (CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2\nhash signatures, even though MD2 is no longer considered a\ncryptographically strong algorithm. This could make it easier for an\nattacker to create a malicious certificate that would be treated as\ntrusted by a browser. NSS now disables the use of MD2 and MD4\nalgorithms inside signatures by default. 
(CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated\npackages, which resolve these issues and add an enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2408\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-2409\"\n );\n # http://rhn.redhat.com/errata/RHBA-2009-1161.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHBA-2009:1161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1186\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/31\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1186\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"nspr-4.7.4-1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", 
reference:\"nspr-devel-4.7.4-1.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-3.12.3.99.3-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-devel-3.12.3.99.3-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-pkcs11-devel-3.12.3.99.3-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nss-tools-3.12.3.99.3-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nss-tools-3.12.3.99.3-1.el5_3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nss-tools-3.12.3.99.3-1.el5_3.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nspr / nspr-devel / nss / nss-devel / nss-pkcs11-devel / nss-tools\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:15", "bulletinFamily": "scanner", "description": "Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-197.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40522", "published": "2009-08-10T00:00:00", "title": "Mandriva Linux Security Advisory : nss (MDVSA-2009:197-3)", "type": "nessus", 
"sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:197. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40522);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_bugtraq_id(35888, 35891);\n script_xref(name:\"MDVSA\", value:\"2009:197-3\");\n\n script_name(english:\"Mandriva Linux Security Advisory : nss (MDVSA-2009:197-3)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:lib64nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64nss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnspr4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libnss3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64nspr-devel-4.7.5-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64nspr4-4.7.5-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64nss-devel-3.12.3.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64nss-static-devel-3.12.3.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64nss3-3.12.3.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnspr-devel-4.7.5-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnspr4-4.7.5-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnss-devel-3.12.3.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnss-static-devel-3.12.3.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif
(rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libnss3-3.12.3.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"nss-3.12.3.1-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:14", "bulletinFamily": "scanner", "description": "USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS.\n\nMoxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.\n(CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-810-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40491", "published": "2009-08-05T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 / 9.04 : nspr update (USN-810-2)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-810-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40491);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/28 22:47:45\");\n\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_bugtraq_id(35888, 35891);\n script_xref(name:\"USN\", value:\"810-2\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 / 9.04 : nspr update (USN-810-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR\nneeded to use the new NSS.\n\nMoxie Marlinspike discovered that NSS did not properly handle regular\nexpressions in certificate names. A remote attacker could create a\nspecially crafted certificate to cause a denial of service (via\napplication crash) or execute arbitrary code as the user invoking the\nprogram. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered\nthat NSS did not properly handle certificates with NULL\ncharacters in the certificate name. 
An attacker could\nexploit this to perform a man in the middle attack to view\nsensitive information or alter encrypted communications.\n(CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates\nwith MD2 hash signatures. As a result, an attacker could\npotentially create a malicious trusted certificate to\nimpersonate another site. (CVE-2009-2409).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/810-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libnspr4-0d, libnspr4-0d-dbg and / or libnspr4-dev\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4-0d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4-0d-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libnspr4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/04\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2018 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnspr4-0d\", pkgver:\"4.7.5-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnspr4-0d-dbg\", pkgver:\"4.7.5-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libnspr4-dev\", pkgver:\"4.7.5-0ubuntu0.8.04.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnspr4-0d\", pkgver:\"4.7.5-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnspr4-0d-dbg\", pkgver:\"4.7.5-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"libnspr4-dev\", pkgver:\"4.7.5-0ubuntu0.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnspr4-0d\", pkgver:\"4.7.5-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnspr4-0d-dbg\", pkgver:\"4.7.5-0ubuntu0.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"libnspr4-dev\", pkgver:\"4.7.5-0ubuntu0.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libnspr4-0d / libnspr4-0d-dbg / libnspr4-dev\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:57", "bulletinFamily": "unix", "description": "USN-810-1 fixed vulnerabilities in NSS. Jozsef Kadlecsik noticed that the new libraries on amd64 did not correctly set stack memory flags, and caused applications using NSS (e.g. Firefox) to have an executable stack. 
This reduced the effectiveness of some defensive security protections. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMoxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)", "modified": "2009-09-02T00:00:00", "published": "2009-09-02T00:00:00", "id": "USN-810-3", "href": "https://usn.ubuntu.com/810-3/", "title": "NSS regression", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:43", "bulletinFamily": "unix", "description": "USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS.\n\nOriginal advisory details:\n\nMoxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. 
An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409)", "modified": "2009-08-04T00:00:00", "published": "2009-08-04T00:00:00", "id": "USN-810-2", "href": "https://usn.ubuntu.com/810-2/", "title": "NSPR update", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:48", "bulletinFamily": "unix", "description": "Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. 
(CVE-2009-2409)", "modified": "2009-08-04T00:00:00", "published": "2009-08-04T00:00:00", "id": "USN-810-1", "href": "https://usn.ubuntu.com/810-1/", "title": "NSS vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-04-06T11:38:53", "bulletinFamily": "scanner", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-2.", "modified": "2018-04-06T00:00:00", "published": "2009-09-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064842", "id": "OPENVAS:136141256231064842", "title": "Mandrake Security Advisory MDVSA-2009:197-2 (nss)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197_2.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197-2 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nUpdate:\n\nThis update also provides fixed packages for Mandriva Linux 2008.1\nand fixes mozilla-thunderbird error messages.\n\nAffected: 2008.1\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-2\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197-2.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64842\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-15 22:46:32 +0200 (Tue, 15 Sep 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:197-2 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:50", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape 
Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064508", "id": "OPENVAS:136141256231064508", "title": "RedHat Security Advisory RHSA-2009:1184", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1184.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1184 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. 
The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64508\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1184\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1184.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:08", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced 
in\nadvisory RHSA-2009:1186.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064510", "id": "OPENVAS:136141256231064510", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1186", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1186.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1186 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1186.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. 
The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit the\nreferenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64510\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1186\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1186.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHBA-2009-1161.html\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_3.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.el5_3.2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not 
vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:27:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update to nss\nannounced via advisory USN-810-1.", "modified": "2017-12-01T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64573", "id": "OPENVAS:64573", "title": "Ubuntu USN-810-1 (nss)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_810_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_810_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-810-1 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n libnss3-1d 3.12.3.1-0ubuntu0.8.04.1\n\nUbuntu 8.10:\n libnss3-1d 3.12.3.1-0ubuntu0.8.10.1\n\nUbuntu 9.04:\n libnss3-1d 3.12.3.1-0ubuntu0.9.04.1\n\nAfter a standard system upgrade you need to restart any applications that\nuse NSS, such as Firefox, to effect the necessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-810-1\";\n\ntag_insight = \"Moxie Marlinspike discovered that NSS did not properly handle regular\nexpressions in certificate names. A remote attacker could create a\nspecially crafted certificate to cause a denial of service (via application\ncrash) or execute arbitrary code as the user invoking the program.\n(CVE-2009-2404)\n\nMoxie Marlinspike and Dan Kaminsky independently discovered that NSS did\nnot properly handle certificates with NULL characters in the certificate\nname. An attacker could exploit this to perform a man in the middle attack\nto view sensitive information or alter encrypted communications.\n(CVE-2009-2408)\n\nDan Kaminsky discovered NSS would still accept certificates with MD2 hash\nsignatures. As a result, an attacker could potentially create a malicious\ntrusted certificate to impersonate another site. 
(CVE-2009-2409)\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory USN-810-1.\";\n\n \n\n\nif(description)\n{\n script_id(64573);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-810-1 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-810-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064607", "id": "OPENVAS:136141256231064607", 
"type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:197 (nss)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_197.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:197 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Security issues in nss prior to 3.12.3 could lead to a\nman-in-the-middle attack via a spoofed X.509 certificate\n(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also\ncause a denial-of-service and possible code execution via a long\ndomain name in X.509 certificate (CVE-2009-2404).\n\nThis update provides the latest versions of NSS and NSPR libraries\nwhich are not vulnerable to those attacks.\n\nAffected: 2009.0, 2009.1, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. 
The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory MDVSA-2009:197.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64607\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2408\", \"CVE-2009-2409\", \"CVE-2009-2404\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:197 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", 
rpm:\"lib64nspr4~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.7.5~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n 
report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.3.1~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update to fixed\nannounced via advisory USN-810-2.\n\nOriginal advisory details:\n\n Moxie Marlinspike discovered that NSS did not properly handle regular\n expressions in certificate names. A remote attacker could create a\n specially crafted certificate to cause a denial of service (via application\n crash) or execute arbitrary code as the user invoking the program.\n (CVE-2009-2404)\n \n Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did\n not properly handle certificates with NULL characters in the certificate\n name. An attacker could exploit this to perform a man in the middle attack\n to view sensitive information or alter encrypted communications.\n (CVE-2009-2408)\n \n Dan Kaminsky discovered NSS would still accept certificates with MD2 hash\n signatures. As a result, an attacker could potentially create a malicious\n trusted certificate to impersonate another site. (CVE-2009-2409)", "modified": "2017-12-01T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64574", "id": "OPENVAS:64574", "title": "Ubuntu USN-810-2 (fixed)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_810_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_810_2.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-810-2 (fixed)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing an update to fixed\nannounced via advisory USN-810-2.\n\nOriginal advisory details:\n\n Moxie Marlinspike discovered that NSS did not properly handle regular\n expressions in certificate names. A remote attacker could create a\n specially crafted certificate to cause a denial of service (via application\n crash) or execute arbitrary code as the user invoking the program.\n (CVE-2009-2404)\n \n Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did\n not properly handle certificates with NULL characters in the certificate\n name. An attacker could exploit this to perform a man in the middle attack\n to view sensitive information or alter encrypted communications.\n (CVE-2009-2408)\n \n Dan Kaminsky discovered NSS would still accept certificates with MD2 hash\n signatures. As a result, an attacker could potentially create a malicious\n trusted certificate to impersonate another site. 
(CVE-2009-2409)\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=USN-810-2\";\n \n\nif(description)\n{\n script_id(64574);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-810-2 (fixed)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-810-2/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"4.7.5-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"4.7.5-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"4.7.5-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"4.7.5-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"4.7.5-0ubuntu0.8.10.1\", 
rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"4.7.5-0ubuntu0.8.10.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"4.7.5-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"4.7.5-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"4.7.5-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update to nss\nannounced via advisory DSA 1874-1.", "modified": "2017-07-07T00:00:00", "published": "2009-09-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64758", "id": "OPENVAS:64758", "title": "Debian Security Advisory DSA 1874-1 (nss)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1874_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1874-1 (nss)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in the Network Security\nService libraries. 
The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-2404\n\nMoxie Marlinspike discovered that a buffer overflow in the regular\nexpression parser could lead to the execution of arbitrary code.\n\nCVE-2009-2408\n\nDan Kaminsky discovered that NULL characters in certificate\nnames could lead to man-in-the-middle attacks by tricking the user\ninto accepting a rogue certificate.\n\nCVE-2009-2409\n\nCertificates with MD2 hash signatures are no longer accepted\nsince they're no longer considered cryptographically secure.\n\n\nThe old stable distribution (etch) doesn't contain nss.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.12.3.1-0lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.12.3.1-1.\n\nWe recommend that you upgrade your nss packages.\";\ntag_summary = \"The remote host is missing an update to nss\nannounced via advisory DSA 1874-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201874-1\";\n\n\nif(description)\n{\n script_id(64758);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1874-1 (nss)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.3.1-0lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-28T18:25:53", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2009-1186", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122465", "title": "Oracle Linux Local Check: ELSA-2009-1186", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1186.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# 
Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122465\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:56 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1186\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1186 - nspr and nss security, bug fix, and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1186\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1186.html\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_3.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"nss-tools\", 
rpm:\"nss-tools~3.12.3.99.3~1.0.1.el5_3.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:02", "bulletinFamily": "scanner", "description": "The remote host is missing updates to Netscape Portable Runtime (NSPR)\nand Network Security Services (NSS) announced in advisory RHSA-2009:1207.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. 
If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2018-04-06T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064597", "id": "OPENVAS:136141256231064597", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:1207", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1207.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1207 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to Netscape Portable Runtime (NSPR)\nand Network Security Services (NSS) announced in advisory RHSA-2009:1207.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. 
This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64597\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1207\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1207.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el5_2\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, 
{"lastseen": "2017-07-27T10:55:51", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-07-12T00:00:00", "published": "2009-08-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64508", "id": "OPENVAS:64508", "title": "RedHat Security Advisory RHSA-2009:1184", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1184.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1184 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1184.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. 
The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nFor details on the issues addressed in this update, please visit\nthe referenced security advisories.\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64508);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-17 16:54:45 +0200 (Mon, 17 Aug 2009)\");\n script_cve_id(\"CVE-2009-2404\", \"CVE-2009-2408\", \"CVE-2009-2409\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Security Advisory RHSA-2009:1184\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1184.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#critical\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.7.4~1.el4_8.1\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.3.99.3~1.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:29", "bulletinFamily": "unix", "description": "- 
------------------------------------------------------------------------\nDebian Security Advisory DSA-1874-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nAugust 26, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : nss\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2009-2404 CVE-2009-2408 CVE-2009-2409\n\nSeveral vulnerabilities have been discovered in the Network Security\nService libraries. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2009-2404\n\n Moxie Marlinspike discovered that a buffer overflow in the regular\n expression parser could lead to the execution of arbitrary code.\n\nCVE-2009-2408\n\n Dan Kaminsky discovered that NULL characters in certificate\n names could lead to man-in-the-middle attacks by tricking the user\n into accepting a rogue certificate.\n\nCVE-2009-2409\n\n Certificates with MD2 hash signatures are no longer accepted\n since they're no longer considered cryptographically secure.\n\n\nThe old stable distribution (etch) doesn't contain nss.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.12.3.1-0lenny1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.12.3.1-1.\n\nWe recommend that you upgrade your nss packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, 
amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-08-26T19:01:51", "published": "2009-08-26T19:01:51", "id": "DEBIAN:DSA-1874-1:56C30", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00192.html", "title": "[SECURITY] [DSA 1874-1] New nss packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:12:59", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2025-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nMarch 31, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : icedove \nVulnerability : several vulnerabilities \nProblem type : remote \nDebian-specific: no \nCVE IDs : CVE-2009-2408 CVE-2009-2404 CVE-2009-2463 \n CVE-2009-3072 CVE-2009-3075 CVE-2010-0163\n\nSeveral remote vulnerabilities have been discovered in the 
Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:\n\nCVE-2009-2408\n\nDan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).\n\nCVE-2009-2404\n\nMoxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).\n\nCVE-2009-2463\n\nmonarch2020 discovered an integer overflow in a base64 decoding function\n(MFSA 2010-07).\n\nCVE-2009-3072\n\nJosh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).\n\nCVE-2009-3075\n\nCarsten Book reported a crash in the JavaScript engine (MFSA 2010-07).\n\nCVE-2010-0163\n\nLudovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.\n\nDue to a problem with the archive system it is not possible to release\nall architectures. 
The missing architectures will be installed into the\narchive once they become available.\n\nFor the testing distribution squeeze and the unstable distribution (sid),\nthese problems will be fixed soon.\n\n\nWe recommend that you upgrade your icedove packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2010-03-31T08:42:01", "published": "2010-03-31T08:42:01", "id": "DEBIAN:DSA-2025-1:6CC79", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00065.html", "title": "[SECURITY] [DSA 2025-1] New icedove packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:41:25", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. 
The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4. \n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nThese version upgrades also provide a fix for the following bug:\n\n* SSL client authentication failed against an Apache server when it was \nusing the mod_nss module and configured for NSSOCSP. 
On the client side,\nthe user agent received an error message that referenced \"Error Code:\n-12271\" and stated that establishing an encrypted connection had failed\nbecause the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the\nfollowing message:\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error:\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP succeeds\nas expected. Note that if the presented client certificate is expired,\nthen access is denied, the user agent is presented with an error message\nabout the invalid certificate, and the OCSP queries are seen in the OCSP\nresponder. Also, similar OCSP status verification happens for SSL server\ncertificates used in Apache upon instance start or restart. (BZ#508027)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-09-08T12:20:20", "published": "2009-07-30T04:00:00", "id": "RHSA-2009:1184", "href": "https://access.redhat.com/errata/RHSA-2009:1184", "type": "redhat", "title": "(RHSA-2009:1184) Critical: nspr and nss security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:13", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. 
These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. 
This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-07-28T19:01:15", "published": "2009-08-12T04:00:00", "id": "RHSA-2009:1207", "href": "https://access.redhat.com/errata/RHSA-2009:1207", "type": "redhat", "title": "(RHSA-2009:1207) Critical: nspr and nss security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:55", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4. \n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. 
(CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues and add an enhancement.", "modified": "2017-09-08T11:51:45", "published": "2009-07-30T04:00:00", "id": "RHSA-2009:1186", "href": "https://access.redhat.com/errata/RHSA-2009:1186", "type": "redhat", "title": "(RHSA-2009:1186) Critical: nspr and nss security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:19", "bulletinFamily": "unix", "description": "Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. 
These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library linking.\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nThese updated packages upgrade NSS from the previous version, 3.12.2, to a\nprerelease of version 3.12.4. The version of NSPR has also been upgraded\nfrom 4.7.3 to 4.7.4.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library used by browsers such as Mozilla Firefox to match\ncommon names in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running the browser. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction in\nFirefox, the carefully-crafted certificate would need to be signed by a\nCertificate Authority trusted by Firefox, otherwise Firefox presents the\nvictim with a warning that the certificate is untrusted. Only if the user\nthen accepts the certificate will the overflow take place.\n\nDan Kaminsky discovered flaws in the way browsers such as Firefox handle\nNULL characters in a certificate. If an attacker is able to get a\ncarefully-crafted certificate signed by a Certificate Authority trusted by\nFirefox, the attacker could use the certificate during a man-in-the-middle\nattack and potentially confuse Firefox into accepting it by mistake.\n(CVE-2009-2408)\n\nDan Kaminsky found that browsers still accept certificates with MD2 hash\nsignatures, even though MD2 is no longer considered a cryptographically\nstrong algorithm. 
This could make it easier for an attacker to create a\nmalicious certificate that would be treated as trusted by a browser. NSS\nnow disables the use of MD2 and MD4 algorithms inside signatures by\ndefault. (CVE-2009-2409)\n\nThese version upgrades also provide fixes for the following bugs:\n\n* SSL client authentication failed against an Apache server when it was \nusing the mod_nss module and configured for NSSOCSP. On the client side,\nthe user agent received an error message that referenced \"Error Code:\n-12271\" and stated that establishing an encrypted connection had failed\nbecause the certificate had been rejected by the host.\n\nOn the server side, the nss_error_log under /var/log/httpd/ contained the\nfollowing message:\n\n[error] Re-negotiation handshake failed: Not accepted by client!?\n\nAlso, /var/log/httpd/error_log contained this error:\n\nSSL Library Error: -8071 The OCSP server experienced an internal error\n\nWith these updated packages, the dependency problem which caused this\nfailure has been resolved so that SSL client authentication with an\nApache web server using mod_nss which is configured for NSSOCSP succeeds\nas expected. Note that if the presented client certificate is expired,\nthen access is denied, the user agent is presented with an error message\nabout the invalid certificate, and the OCSP queries are seen in the OCSP\nresponder. Also, similar OCSP status verification happens for SSL server\ncertificates used in Apache upon instance start or restart. (BZ#508026)\n\n* NSS uses a software integrity test to detect code corruption. RPM\ntransactions and system link optimization daemons (such as prelink) can\nchange the contents of libraries, causing the software integrity test to\nfail. 
In combination with the updated prelink package (RHBA-2009:1041),\nthese updated packages can now prevent software integrity test failures.\n(BZ#495938)\n\nAll users of nspr and nss are advised to upgrade to these updated packages,\nwhich resolve these issues.", "modified": "2017-09-08T12:09:31", "published": "2009-07-31T04:00:00", "id": "RHSA-2009:1190", "href": "https://access.redhat.com/errata/RHSA-2009:1190", "type": "redhat", "title": "(RHSA-2009:1190) Critical: nspr and nss security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:43", "bulletinFamily": "unix", "description": "SeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library (provided by SeaMonkey) used to match common\nnames in certificates. A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running SeaMonkey. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction, the\ncarefully-crafted certificate would need to be signed by a Certificate\nAuthority trusted by SeaMonkey, otherwise SeaMonkey presents the victim\nwith a warning that the certificate is untrusted. Only if the user then\naccepts the certificate will the overflow take place.\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\na backported patch to correct this issue. 
After installing the updated\npackages, SeaMonkey must be restarted for the update to take effect.", "modified": "2018-05-26T04:26:18", "published": "2009-07-30T04:00:00", "id": "RHSA-2009:1185", "href": "https://access.redhat.com/errata/RHSA-2009:1185", "type": "redhat", "title": "(RHSA-2009:1185) Critical: seamonkey security update", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:03", "bulletinFamily": "unix", "description": " \nnspr:\r\n \n[4.7.4-1.el5_3.1]\r\n- create z-stream version\r\n \n[4.7.4-1]\r\n- Update to NSPR 4.7.4\r\n \nnss:\r\n \n[3.12.3.99.3-1.el5_3.2]\r\n- adjust ssl cipher count constant (bug 505650)\r\n \n[3.12.3.99.3-1.el5_3.1]\r\n- create z-stream version\r\n \n[3.12.3.99.3-1]\r\n- updated to NSS_3_12_4_FIPS1_WITH_CKBI_1_75\r\n \n[3.12.3-5]\r\n- updated patch to seckey\r\n \n[3.12.3-4]\r\n- add a patch to seckey\r\n \n[3.12.3-3]\r\n- remove references to SEED\r\n \n[3.12.3-2]\r\n- update to NSS 3.12.3", "modified": "2009-07-30T00:00:00", "published": "2009-07-30T00:00:00", "id": "ELSA-2009-1184", "href": "http://linux.oracle.com/errata/ELSA-2009-1184.html", "title": "nspr and nss security and bug fix update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T02:18:14", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 479877 (BIG-IP) and ID 482088 (Enterprise Manager) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component 
or feature \n---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0, 10.0.0 - 10.2.4| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| None| 11.0.0 - 11.6.0, 10.1.0 - 10.2.4| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0, 10.0.0 - 10.2.4| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0, 10.1.0 - 10.2.4| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0, 10.0.0 - 10.2.4| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0, 10.0.0 - 10.2.4| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1, 10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0, 10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0, 10.0.0 - 10.2.4| None \nARX| None| 6.0.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1, 2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0, 6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-03-14T22:05:00", "published": "2014-10-10T00:13:00", "href": "https://support.f5.com/csp/article/K15663", "id": "F5:K15663", "title": "MD2 Message-Digest Algorithm vulnerability CVE-2009-2409", "type": "f5", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:22:52", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * 
SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-07-01T00:00:00", "published": "2014-10-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/600/sol15663.html", "id": "SOL15663", "title": "SOL15663 - MD2 Message-Digest Algorithm vulnerability CVE-2009-2409", "type": "f5", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "description": "Certificate spoofing, buffer overflow, code execution.", "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "SECURITYVULNS:VULN:10121", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10121", "title": "Mozilla Firefox, Thunderbird, SeaMonkey, NSS multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "description": "Mozilla Foundation Security Advisory 2009-43\r\n\r\nTitle: Heap overflow in certificate regexp parsing\r\nImpact: Critical\r\nAnnounced: August 1, 2009\r\nReporter: Moxie Marlinspike\r\nProducts: Firefox, Thunderbird, SeaMonkey, NSS\r\n\r\nFixed in: Firefox 3.5\r\n NSS 3.12.3\r\nDescription\r\n\r\nMoxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. This code provided compatibility with the non-standard regular expression syntax historically supported by Netscape clients and servers. 
With version 3.5 Firefox switched to the more limited industry-standard wildcard syntax instead and is not vulnerable to this flaw.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=504456\r\n * CVE-2009-2404\r\n", "modified": "2009-08-07T00:00:00", "published": "2009-08-07T00:00:00", "id": "SECURITYVULNS:DOC:22254", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22254", "title": "Mozilla Foundation Security Advisory 2009-43", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:25", "bulletinFamily": "unix", "description": "\nMozilla Project reports:\n\nMFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name\n\t longer than 15 characters\nMFSA 2009-42: Compromise of SSL-protected communication\nMFSA 2009-43: Heap overflow in certificate regexp parsing\nMFSA 2009-44: Location bar and SSL indicator spoofing via window.open()\n\t on invalid URL\nMFSA 2009-45: Crashes with evidence of memory corruption\n\t (rv:1.9.1.2/1.9.0.13)\nMFSA 2009-46: Chrome privilege escalation due to incorrectly cached\n\t wrapper\n\n", "modified": "2009-09-04T00:00:00", "published": "2009-08-03T00:00:00", "id": "49E8F2EE-8147-11DE-A994-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/49e8f2ee-8147-11de-a994-0030843d3802.html", "title": "mozilla -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:06", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1185\n\n\nSeaMonkey is an open source Web browser, email and newsgroup client, IRC\nchat client, and HTML editor.\n\nMoxie Marlinspike reported a heap overflow flaw in a regular expression\nparser in the NSS library (provided by SeaMonkey) used to match common\nnames in certificates. 
A malicious website could present a\ncarefully-crafted certificate in such a way as to trigger the heap\noverflow, leading to a crash or, possibly, arbitrary code execution with\nthe permissions of the user running SeaMonkey. (CVE-2009-2404)\n\nNote: in order to exploit this issue without further user interaction, the\ncarefully-crafted certificate would need to be signed by a Certificate\nAuthority trusted by SeaMonkey, otherwise SeaMonkey presents the victim\nwith a warning that the certificate is untrusted. Only if the user then\naccepts the certificate will the overflow take place.\n\nAll SeaMonkey users should upgrade to these updated packages, which contain\na backported patch to correct this issue. After installing the updated\npackages, SeaMonkey must be restarted for the update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/016060.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/016061.html\n\n**Affected packages:**\nseamonkey\nseamonkey-chat\nseamonkey-devel\nseamonkey-dom-inspector\nseamonkey-js-debugger\nseamonkey-mail\nseamonkey-nspr\nseamonkey-nspr-devel\nseamonkey-nss\nseamonkey-nss-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1185.html", "modified": "2009-07-31T01:34:28", "published": "2009-07-31T01:33:31", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/016060.html", "id": "CESA-2009:1185", "title": "seamonkey security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:41:46", "bulletinFamily": "exploit", "description": "Bugtraq ID: 35891\r\nCVE ID: CVE-2009-2404\r\n\r\nMozilla SeaMonkey is an open-source web application suite.\r\n
The regular-expression code that Mozilla SeaMonkey uses to match the Common Name in SSL certificates contains a buffer overflow; remote attackers can exploit the vulnerability to execute arbitrary instructions with the application's privileges.\r\nConstructing a malicious certificate and inducing a user to process it with Mozilla SeaMonkey can trigger this vulnerability. To exploit it, the attacker needs SeaMonkey to treat the certificate as trusted; otherwise a warning message is displayed.\n\nRedHat Enterprise Linux WS 4\r\nRedHat Enterprise Linux WS 3\r\nRedHat Enterprise Linux ES 4\r\nRedHat Enterprise Linux ES 3\r\nRedHat Enterprise Linux Desktop Workstation 5 client\r\nRedHat Enterprise Linux Desktop 5 client\r\nRedHat Enterprise Linux AS 4\r\nRedHat Enterprise Linux AS 3\r\nRedHat Enterprise Linux Desktop version 4\r\nRedHat Enterprise Linux 5 server\r\nRedHat Desktop 3.0\r\nMozilla SeaMonkey 1.0.8\r\nMozilla SeaMonkey 1.0.7\r\nMozilla SeaMonkey 1.0.6\r\nMozilla SeaMonkey 1.0.5\r\nMozilla SeaMonkey 1.0.3\r\nMozilla SeaMonkey 1.0.2\r\nMozilla SeaMonkey 1.0.1\r\nMozilla SeaMonkey 1.0 dev\r\nMozilla SeaMonkey 1.0\r\nMozilla Network Security Services (NSS) 3.12.2\r\nMozilla Network Security Services (NSS) 3.11.3\r\nMozilla Network Security Services (NSS) 3.9.2\r\nMozilla Network Security Services (NSS) 3.9\r\n+ Mozilla Browser 1.5\r\nMozilla Network Security Services (NSS) 3.8\r\n+ Galeon Galeon Browser 1.2.13\r\n+ Mozilla Browser 1.4.1\r\n+ Mozilla Browser 1.4.1\r\n+ Mozilla Browser 1.4 b\r\n+ Mozilla Browser 1.4 b\r\n+ Mozilla Browser 1.4 a\r\n+ Mozilla Browser 1.4 a\r\n+ Mozilla Browser 1.4\r\n+ Mozilla Browser 1.4\r\nMozilla Network Security Services (NSS) 3.7.7\r\nMozilla Network Security Services (NSS) 3.7.5\r\n
Mozilla Network Security Services (NSS) 3.7.3\r\nMozilla Network Security Services (NSS) 3.7.2\r\nMozilla Network Security Services (NSS) 3.7.1\r\nMozilla Network Security Services (NSS) 3.7\r\nMozilla Network Security Services (NSS) 3.6.1\r\nMozilla Network Security Services (NSS) 3.6\r\nMozilla Network Security Services (NSS) 3.6\r\nMozilla Network Security Services (NSS) 3.5\r\nMozilla Network Security Services (NSS) 3.4.2\r\nMozilla Network Security Services (NSS) 3.4.1\r\nMozilla Network Security Services (NSS) 3.4\r\nMozilla Network Security Services (NSS) 3.3.2\r\nMozilla Network Security Services (NSS) 3.3.1\r\nMozilla Network Security Services (NSS) 3.3\r\nMozilla Network Security Services (NSS) 3.2.1\r\nMozilla Network Security Services (NSS) 3.2\r\nMozilla Network Security Services (NSS) 3.12\r\nMozilla Network Security Services (NSS) 3.11\r\n \nVendor solution\r\nUsers can contact the vendor to obtain the latest version, Mozilla SeaMonkey 1.0.9:\r\nhttp://www.mozilla.org/projects/seamonkey/", "modified": "2009-07-31T00:00:00", "published": "2009-07-31T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11949", "id": "SSV:11949", "type": "seebug", "title": "Mozilla SeaMonkey regular expression parsing heap buffer overflow vulnerability", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:55", "bulletinFamily": "info", "description": "Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and \nSafari before 4.0.3, allows remote attackers to execute arbitrary code \nor cause a denial of service (application crash) via an image with \ncrafted EXIF metadata.\n\nApple Safari, possibly before 4.0.3, on Mac \nOS X does not properly handle a '\\0' character in a domain name in the \nsubject\u2019s Common Name (CN) field of an X.509 certificate, which allows 
\nman-in-the-middle attackers to spoof arbitrary SSL servers via a \ncrafted certificate issued by a legitimate Certification Authority, a \nrelated issue to CVE-2009-2408.\n\nBuffer overflow in ImageIO in \nApple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows \nremote attackers to execute arbitrary code or cause a denial of service \n(application crash) via an image with crafted EXIF metadata. \n", "modified": "2018-07-03T08:39:13", "published": "2009-12-29T21:50:26", "id": "THREATPOST:E8934170DFDD56E0C8B8F5EA86038B74", "href": "https://threatpost.com/apple-safari/91658/", "type": "threatpost", "title": "Apple Safari", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}