Amazon Linux AMI : nss Man-in-the-middle Vulnerability (ALAS-2013-149)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

It was found that a Certificate Authority (CA) mis-issued two
intermediate certificates to customers. These certificates could be
used to launch man-in-the-middle attacks. This update renders those
certificates as untrusted. This covers all uses of the certificates,
including SSL, S/MIME, and code signing.

Note: This fix only applies to applications using the NSS Builtin
Object Token. It does not render the certificates untrusted for
applications that use the NSS library, but do not use the NSS Builtin
Object Token.

See also :

http://www.nessus.org/u?d04251b7

Solution :

Run 'yum update nss' to update your system.

Risk factor :

High

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69708 ()

Bugtraq ID:

CVE ID: