This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200610-06
(Mozilla Network Security Service (NSS): RSA signature forgery)
Daniel Bleichenbacher discovered that it might be possible to forge
signatures signed by RSA keys with the exponent of 3. This affects a
number of RSA signature implementations, including Mozilla's NSS.
Since several Certificate Authorities (CAs) are using an exponent of 3
it might be possible for an attacker to create a key with a false CA
signature. This impacts any software using the NSS library, like the
Mozilla products Firefox, Thunderbird and SeaMonkey.
There is no known workaround at this time.
See also :
All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/nss-3.11.3'
Note: As usual after updating a library, you should run
'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure
that all applications linked to it are properly rebuilt.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false
Family: Gentoo Local Security Checks
Nessus Plugin ID: 22892 (gentoo_GLSA-200610-06.nasl)
Bugtraq ID: 19849
CVE ID: CVE-2006-4339CVE-2006-4340
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.