Executive Summary
Summary | |
---|---|
Title | nss security update |
Informations | |||
---|---|---|---|
Name | RHSA-2013:1840 | First vendor Publication | 2013-12-16 |
Vendor | RedHat | Last vendor Modification | 2013-12-16 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Compute Node EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.3) - x86_64 Red Hat Enterprise Linux Compute Node Optional EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 6.4) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.2) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.3) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.4) - i386, ppc64, s390x, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-5605) All NSS users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, applications using NSS must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-1840.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19140 | |||
Oval ID: | oval:org.mitre.oval:def:19140 | ||
Title: | DSA-2800-1 nss - buffer overflow | ||
Description: | Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2800-1 CVE-2013-5605 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19731 | |||
Oval ID: | oval:org.mitre.oval:def:19731 | ||
Title: | Null Cipher buffer overflow | ||
Description: | Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5605 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-21 | IAVM : 2013-A-0220 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042380 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0066.nasl - Type : ACT_GATHER_INFO |
2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0065.nasl - Type : ACT_GATHER_INFO |
2015-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0023.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0015.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0014.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1841.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1840.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
2014-10-31 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_opensso_agent_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote host is running software with multiple vulnerabilities. File : oracle_traffic_director_july_2014_cpu.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : sun_java_web_server_7_0_20.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : A web proxy server on the remote host is affected by multiple vulnerabilities. File : iplanet_web_proxy_4_0_24.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
2014-06-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-19.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-878.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-266.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-265.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23479.nasl - Type : ACT_GATHER_INFO |
2013-12-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23301.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131212_nss__nspr__and_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-22756.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131205_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_nss-201311-131121.nasl - Type : ACT_GATHER_INFO |
2013-11-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2800.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_11_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2032-1.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_17011_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-270.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2031-1.nasl - Type : ACT_GATHER_INFO |
2013-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2030-1.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_17011_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_25_0_1.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_11_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_2501.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2221.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-01-22 09:26:28 |
|
2014-11-08 13:32:04 |
|
2013-12-16 21:18:34 |
|