Lucene search

K
ubuntuUbuntuUSN-4417-2
HistoryJul 06, 2020 - 12:00 a.m.

NSS vulnerability

2020-07-0600:00:00
ubuntu.com
43

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

29.0%

Releases

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04

Packages

  • nss - Network Security Service library

Details

USN-4417-1 fixed a vulnerability in NSS. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Cesar Pereida, Billy Bob Brumley, Yuval Yarom, and Nicola Tuveri discovered
that NSS incorrectly handled RSA key generation. A local attacker could
possibly use this issue to perform a timing attack and recover RSA keys.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchlibnss3< 2:3.28.4-0ubuntu0.14.04.5+esm6UNKNOWN
Ubuntu14.04noarchlibnss3< 2:3.28.4-0ubuntu0.14.04.5UNKNOWN
Ubuntu14.04noarchlibnss3-1d< 2:3.28.4-0ubuntu0.14.04.5UNKNOWN
Ubuntu14.04noarchlibnss3-dbg< 2:3.28.4-0ubuntu0.14.04.5UNKNOWN
Ubuntu14.04noarchlibnss3-dbgsym< 2:3.28.4-0ubuntu0.14.04.5UNKNOWN
Ubuntu14.04noarchlibnss3-dev< 2:3.28.4-0ubuntu0.14.04.5UNKNOWN
Ubuntu14.04noarchlibnss3-tools< 2:3.28.4-0ubuntu0.14.04.5UNKNOWN
Ubuntu14.04noarchlibnss3-tools-dbgsym< 2:3.28.4-0ubuntu0.14.04.5UNKNOWN
Ubuntu12.04noarchlibnss3< 2:3.28.4-0ubuntu0.12.04.9UNKNOWN

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:N/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

29.0%