Executive Summary
Summary | |
---|---|
Title | nss security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0862 | First vendor Publication | 2010-11-10 |
Vendor | RedHat | Last vendor Modification | 2010-11-10 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the development of security-enabled client and server applications. A flaw was found in the way NSS matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. NSS incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170) All NSS users should upgrade to these updated packages, which provide NSS version 3.12.8 to resolve this issue. After installing the update, applications using NSS must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 630047 - CVE-2010-3170 firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely 642410 - nss update needed for firefox |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0862.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12254 | |||
Oval ID: | oval:org.mitre.oval:def:12254 | ||
Title: | SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3170 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20226 | |||
Oval ID: | oval:org.mitre.oval:def:20226 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3170 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21848 | |||
Oval ID: | oval:org.mitre.oval:def:21848 | ||
Title: | RHSA-2010:0862: nss security update (Low) | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0862-02 CVE-2010-3170 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | nss nss-softokn nss-util |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23275 | |||
Oval ID: | oval:org.mitre.oval:def:23275 | ||
Title: | ELSA-2010:0862: nss security update (Low) | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0862-02 CVE-2010-3170 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27951 | |||
Oval ID: | oval:org.mitre.oval:def:27951 | ||
Title: | DEPRECATED: ELSA-2010-0862 -- nss security update (low) | ||
Description: | nss: [3.12.8-1.0.1.el6] - Update expired PayPalEE.cert to fix build failure - Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2 [3.12.8-1] - Update to 3.12.8 nss-softokn: [3.12.8-1] - Update to 3.12.8 nss-util: [3.12.7-1] - Update to 3.12.7 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0862 CVE-2010-3170 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0782 centos5 i386 File : nvt/gb_CESA-2010_0782_firefox_centos5_i386.nasl |
2010-12-02 | Name : Fedora Update for nss FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss_fc14.nasl |
2010-12-02 | Name : Fedora Update for nss-util FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-util_fc14.nasl |
2010-12-02 | Name : Fedora Update for nss-softokn FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-softokn_fc14.nasl |
2010-11-17 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox52.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2123-1 (nss) File : nvt/deb_2123_1.nasl |
2010-11-16 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056 File : nvt/gb_suse_2010_056.nasl |
2010-11-16 | Name : Fedora Update for nss FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss_fc12.nasl |
2010-11-16 | Name : Fedora Update for nss-util FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-util_fc12.nasl |
2010-11-16 | Name : Fedora Update for nss-softokn FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-softokn_fc12.nasl |
2010-11-04 | Name : Fedora Update for nss FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss_fc13.nasl |
2010-11-04 | Name : Fedora Update for nss-util FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-util_fc13.nasl |
2010-11-04 | Name : Fedora Update for nss-softokn FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-softokn_fc13.nasl |
2010-11-04 | Name : CentOS Update for firefox CESA-2010:0782 centos4 i386 File : nvt/gb_CESA-2010_0782_firefox_centos4_i386.nasl |
2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos4 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos4_i386.nasl |
2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos3 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos3_i386.nasl |
2010-10-28 | Name : Mozilla Products Multiple Vulnerabilities October-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct10.nasl |
2010-10-26 | Name : Mandriva Update for firefox MDVSA-2010:210 (firefox) File : nvt/gb_mandriva_MDVSA_2010_210.nasl |
2010-10-22 | Name : RedHat Update for firefox RHSA-2010:0782-01 File : nvt/gb_RHSA-2010_0782-01_firefox.nasl |
2010-10-22 | Name : RedHat Update for seamonkey RHSA-2010:0781-01 File : nvt/gb_RHSA-2010_0781-01_seamonkey.nasl |
2010-10-22 | Name : Ubuntu Update for nss vulnerabilities USN-1007-1 File : nvt/gb_ubuntu_USN_1007_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68079 | Mozilla Multiple Products SSL Certificate IP Address Wildcard Matching Weakness |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-101029.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_nss_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-101103.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-101018.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101118.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-7196.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15989.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2123.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15897.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15520.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-210.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_209.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c4f067b9dc4a11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_309.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1007-1.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3514.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3611.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_315.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:54:02 |
|