OSV: DSA-2123-1 (Google, osv.dev)
Nov 01, 2010 - 12:00 a.m.

nss - cryptographic weaknesses

EPSS: 0.009 (percentile: 82.8%)

Several vulnerabilities have been discovered in Mozilla’s Network
Security Services (NSS) library. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2010-3170
    NSS recognizes a wildcard IP address in the subject’s Common
    Name field of an X.509 certificate, which might allow
    man-in-the-middle attackers to spoof arbitrary SSL servers via
    a crafted certificate issued by a legitimate Certification
    Authority.
  • CVE-2010-3173
    NSS does not properly set the minimum key length for
    Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
    remote attackers to defeat cryptographic protection mechanisms
    via a brute-force attack.
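
The name check that CVE-2010-3170 concerns, as an added example (not NSS code and not part of the advisory): `naive_match` is an assumed label-by-label matcher that lets a wildcard match an IP address, and `strict_match` applies wildcards to DNS names only. Function names and the sample patterns are constructed for illustration.

```python
import ipaddress


def is_ip_literal(host: str) -> bool:
    """True if host parses as an IPv4 or IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def naive_match(pattern: str, host: str) -> bool:
    """Label-by-label wildcard match that never asks whether host is an IP."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    return all(p == "*" or p == h for p, h in zip(p_labels, h_labels))


def strict_match(pattern: str, host: str) -> bool:
    """Wildcards apply to DNS names only; IP addresses must match exactly."""
    if is_ip_literal(host):
        # Compare parsed addresses, so a pattern containing '*' never matches.
        return is_ip_literal(pattern) and (
            ipaddress.ip_address(pattern) == ipaddress.ip_address(host))
    if is_ip_literal(pattern):
        return False
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().split(".")
    if len(p_labels) != len(h_labels) or "*" in "".join(p_labels[1:]):
        return False
    # Only the whole leftmost label may be a wildcard, and at least two
    # literal labels must follow it (rejects '*.test').
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


# Constructed samples: (certificate name pattern, host the client connected to).
SAMPLES = [
    ("*.0.2.10", "192.0.2.10"),
    ("192.0.2.10", "192.0.2.10"),
    ("*.example.test", "www.example.test"),
    ("*.test", "example.test"),
]


def compare():
    """Return (pattern, host, naive result, strict result) for each sample."""
    return [(p, h, naive_match(p, h), strict_match(p, h)) for p, h in SAMPLES]
```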

For the stable distribution (lenny), these problems have been fixed in
version 3.12.3.1-0lenny2.

For the unstable distribution (sid) and the upcoming stable
distribution (squeeze), these problems have been fixed in version
3.12.8-1.

We recommend that you upgrade your NSS packages.