Executive Summary
Summary | |
---|---|
Title | nss security update |
Informations | |||
---|---|---|---|
Name | DSA-2790 | First vendor Publication | 2013-11-02 |
Vendor | Debian | Last vendor Modification | 2013-11-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialized data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library. The oldstable distribution (squeeze) is not affected by this problem. For the stable distribution (wheezy), this problem has been fixed in version 2:3.14.4-1. The packages in the stable distribution were updated to the latest patch release 3.14.4 of the library to also include a regression bugfix for a flaw that affects the libpkix certificate verification cache. More information can be found via: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.4_release_notes For the testing distribution (jessie), this problem has been fixed in version 2:3.15.2-1. For the unstable distribution (sid), this problem has been fixed in version 2:3.15.2-1. We recommend that you upgrade your nss packages. |
Original Source
Url : http://www.debian.org/security/2013/dsa-2790 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19254 | |||
Oval ID: | oval:org.mitre.oval:def:19254 | ||
Title: | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | ||
Description: | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1739 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19523 | |||
Oval ID: | oval:org.mitre.oval:def:19523 | ||
Title: | DSA-2790-1 nss - uninitialised memory read | ||
Description: | A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialised data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2790-1 CVE-2013-1739 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | nss |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
2014-10-31 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_opensso_agent_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote host is running software with multiple vulnerabilities. File : oracle_traffic_director_july_2014_cpu.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : sun_java_web_server_7_0_20.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : A web proxy server on the remote host is affected by multiple vulnerabilities. File : iplanet_web_proxy_4_0_24.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
2014-06-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-19.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-749.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-266.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-265.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131212_nss__nspr__and_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131205_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-270.nasl - Type : ACT_GATHER_INFO |
2013-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2030-1.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131101.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nss-201310-131030.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nss-201310-131029.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131109.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131108.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2790.nasl - Type : ACT_GATHER_INFO |
2013-11-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2010-1.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_10_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_222.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_1.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_17010_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_25.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_25.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_10_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_81f866ad41a411e3a4af0025905a4771.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_17010_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_1.nasl - Type : ACT_GATHER_INFO |
2013-10-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2009-1.nasl - Type : ACT_GATHER_INFO |
2013-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-257.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-01-22 09:26:07 |
|
2014-02-17 11:32:18 |
|
2013-11-02 09:18:37 |
|