Detections
Analytics
Debian DSA-1874-1 : nss - several vulnerabilities
high Nessus Plugin ID 44739
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems :- CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the execution of arbitrary code.
- CVE-2009-2408 Dan Kaminsky discovered that NULL characters in certificate names could lead to man-in-the-middle attacks by tricking the user into accepting a rogue certificate.
- CVE-2009-2409 Certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure.
Solution
Upgrade the nss packages.The old stable distribution (etch) doesn't contain nss.
For the stable distribution (lenny), these problems have been fixed in version 3.12.3.1-0lenny1.
See Also
https://security-tracker.debian.org/tracker/CVE-2009-2404
https://security-tracker.debian.org/tracker/CVE-2009-2408
Plugin Details
Severity: High
ID: 44739
File Name: debian_DSA-1874.nasl
Version: 1.19
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 2/24/2010
Updated: 1/4/2021
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:nss, cpe:/o:debian:debian_linux:5.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 8/26/2009