Lucene search

K
ubuntuUbuntuUSN-4417-1
HistoryJul 06, 2020 - 12:00 a.m.

NSS vulnerability

2020-07-0600:00:00
ubuntu.com
47

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

29.0%

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 19.10
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages

  • nss - Network Security Service library

Details

Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered
that NSS incorrectly handled RSA key generation. A local attacker could
possibly use this issue to perform a timing attack and recover RSA keys.

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchlibnss3< 2:3.49.1-1ubuntu1.2UNKNOWN
Ubuntu20.04noarchlibnss3-dbgsym< 2:3.49.1-1ubuntu1.2UNKNOWN
Ubuntu20.04noarchlibnss3-dev< 2:3.49.1-1ubuntu1.2UNKNOWN
Ubuntu20.04noarchlibnss3-tools< 2:3.49.1-1ubuntu1.2UNKNOWN
Ubuntu20.04noarchlibnss3-tools-dbgsym< 2:3.49.1-1ubuntu1.2UNKNOWN
Ubuntu19.10noarchlibnss3< 2:3.45-1ubuntu2.4UNKNOWN
Ubuntu19.10noarchlibnss3-dbgsym< 2:3.45-1ubuntu2.4UNKNOWN
Ubuntu19.10noarchlibnss3-dev< 2:3.45-1ubuntu2.4UNKNOWN
Ubuntu19.10noarchlibnss3-tools< 2:3.45-1ubuntu2.4UNKNOWN
Ubuntu19.10noarchlibnss3-tools-dbgsym< 2:3.45-1ubuntu2.4UNKNOWN
Rows per page:
1-10 of 221

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

29.0%