This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
A vulnerability has been discovered and corrected in Mozilla NSS :
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla
Network Security Services (NSS) before 3.15.4, when the TLS False
Start feature is enabled, allows man-in-the-middle attackers to spoof
SSL servers by using an arbitrary X.509 certificate during certain
handshake traffic (CVE-2013-1740).
The updated packages have been upgraded to the 3.15.4 version which is
not vulnerable to this issue.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : true