This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote SuSE 11 host is missing one or more security updates.
Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate
- Antoine Delignat-Lavaud, security researcher at Inria
Paris in team Prosecco, reported an issue in Network
Security Services (NSS) libraries affecting all
versions. He discovered that NSS is vulnerable to a
variant of a signature forgery attack previously
published by Daniel Bleichenbacher. This is due to
lenient parsing of ASN.1 values involved in a signature
and could lead to the forging of RSA certificates. (MFSA
2014-73 / CVE-2014-1568)
The Advanced Threat Research team at Intel Security also independently
discovered and reported this issue.
See also :
Apply SAT patch number 9777.
Risk factor :
High / CVSS Base Score : 7.5