This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote EulerOS host is missing multiple security updates.
According to the versions of the nss nspr nss-softokn nss-util
packages installed, the EulerOS installation on the remote host is
affected by the following vulnerabilities :
- A use-after-free flaw was found in the way NSS handled
DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic
Curve Diffie-Hellman key exchange) handshake messages.
A remote attacker could send a specially crafted
handshake message that, when parsed by an application
linked against NSS, would cause that application to
crash or, under certain special conditions, execute
arbitrary code using the permissions of the user
running the application.(CVE-2016-1978)
- A use-after-free flaw was found in the way NSS
processed certain DER (Distinguished Encoding Rules)
encoded cryptographic keys. An attacker could use this
flaw to create a specially crafted DER encoded
certificate which, when parsed by an application
compiled against the NSS library, could cause that
application to crash, or execute arbitrary code using
the permissions of the user running the application.
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
See also :
Update the affected nss
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false