Mandriva Linux Security Advisory : nss (MDVSA-2015:059)

critical Nessus Plugin ID 81942

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages :

The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate (CVE-2014-1492).

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain (CVE-2014-1544).

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a signature malleability issue (CVE-2014-1568).

The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00 (CVE-2014-1569).

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions (CVE-2014-1545).

The sqlite3 packages have been upgraded to the 3.8.6 version due to an prerequisite to nss-3.17.x.

Additionally the rootcerts package has also been updated to the latest version as of 2014-11-17, which adds, removes, and distrusts several certificates.

The updated packages provides a solution for these security issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?b157b539

https://www.mozilla.org/en-US/security/advisories/mfsa2014-55/

http://www.nessus.org/u?a9bc9e12

http://www.nessus.org/u?d0ee8a6e

http://www.nessus.org/u?37a5d820

http://www.nessus.org/u?10a22496

http://www.nessus.org/u?8d0a4a5b

http://www.nessus.org/u?6d78ddde

http://www.nessus.org/u?5cabce5f

http://www.nessus.org/u?8ce2e69d

Plugin Details

Severity: Critical

ID: 81942

File Name: mandriva_MDVSA-2015-059.nasl

Version: 1.4

Type: local

Published: 3/19/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lemon, p-cpe:/a:mandriva:linux:lib64nspr-devel, p-cpe:/a:mandriva:linux:lib64nspr4, p-cpe:/a:mandriva:linux:lib64nss-devel, p-cpe:/a:mandriva:linux:lib64nss-static-devel, p-cpe:/a:mandriva:linux:lib64nss3, p-cpe:/a:mandriva:linux:lib64sqlite3-devel, p-cpe:/a:mandriva:linux:lib64sqlite3-static-devel, p-cpe:/a:mandriva:linux:lib64sqlite3_0, p-cpe:/a:mandriva:linux:nss, p-cpe:/a:mandriva:linux:nss-doc, p-cpe:/a:mandriva:linux:rootcerts, p-cpe:/a:mandriva:linux:rootcerts-java, p-cpe:/a:mandriva:linux:sqlite3-tcl, p-cpe:/a:mandriva:linux:sqlite3-tools, cpe:/o:mandriva:business_server:2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/13/2015

Reference Information

CVE: CVE-2014-1492, CVE-2014-1544, CVE-2014-1545, CVE-2014-1568, CVE-2014-1569

MDVSA: 2015:059