Mandriva Linux Security Advisory : nss (MDVSA-2015:059)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in the Mozilla
NSS and NSPR packages :

The cert_TestHostName function in lib/certdb/certdb.c in the
certificate-checking implementation in Mozilla Network Security
Services (NSS) before 3.16 accepts a wildcard character that is
embedded in an internationalized domain name's U-label, which might
allow man-in-the-middle attackers to spoof SSL servers via a crafted
certificate (CVE-2014-1492).

Use-after-free vulnerability in the CERT_DestroyCertificate function
in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used
in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird
before 24.7, allows remote attackers to execute arbitrary code via
vectors that trigger certain improper removal of an NSSCertificate
structure from a trust domain (CVE-2014-1544).

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before
3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before
32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1,
Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla
SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows
and OS X, and Google Chrome OS before 37.0.2062.120, does not properly
parse ASN.1 values in X.509 certificates, which makes it easier for
remote attackers to spoof RSA signatures via a crafted certificate,
aka a signature malleability issue (CVE-2014-1568).

The definite_length_decoder function in lib/util/quickder.c in Mozilla
Network Security Services (NSS) before 3.16.2.4 and 3.17.x before
3.17.3 does not ensure that the DER encoding of an ASN.1 length is
properly formed, which allows remote attackers to conduct
data-smuggling attacks by using a long byte sequence for an encoding,
as demonstrated by the SEC_QuickDERDecodeItem function's improper
handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569).

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions (CVE-2014-1545).

The sqlite3 packages have been upgraded to the 3.8.6 version due to an
prerequisite to nss-3.17.x.

Additionally the rootcerts package has also been updated to the latest
version as of 2014-11-17, which adds, removes, and distrusts several
certificates.

The updated packages provides a solution for these security issues.

See also :

http://www.nessus.org/u?b157b539
http://www.nessus.org/u?a9bc9e12
http://www.nessus.org/u?d0ee8a6e
http://www.nessus.org/u?37a5d820
http://www.nessus.org/u?10a22496
http://www.nessus.org/u?8d0a4a5b
http://www.nessus.org/u?6d78ddde
http://www.nessus.org/u?5cabce5f
http://www.nessus.org/u?8ce2e69d
https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 81942 ()

Bugtraq ID:

CVE ID: CVE-2014-1492
CVE-2014-1544
CVE-2014-1545
CVE-2014-1568
CVE-2014-1569

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now