Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : nss vulnerabilities (USN-1007-1)
High Nessus Plugin ID 50081
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionRichard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2010-3170)
Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode (DHE) key exchange implementation which allowed servers to use a too small key length. (CVE-2010-3173).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected packages.