Executive Summary
Summary | |
---|---|
Title | NSS vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-2030-1 | First vendor Publication | 2013-11-18 |
Vendor | Ubuntu | Last vendor Modification | 2013-11-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.10 - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in NSS. Software Description: - nss: Network Security Service library Details: Multiple security issues were discovered in NSS. If a user were tricked into connecting to a malicious server, an attacker could possibly exploit these to cause a denial of service via application crash, potentially execute arbitrary code, or lead to information disclosure. This update also adds TLS v1.2 support to Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.10: Ubuntu 13.04: Ubuntu 12.10: Ubuntu 12.04 LTS: Ubuntu 10.04 LTS: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use NSS, such as Evolution and Chromium, to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-2030-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19140 | |||
Oval ID: | oval:org.mitre.oval:def:19140 | ||
Title: | DSA-2800-1 nss - buffer overflow | ||
Description: | Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2800-1 CVE-2013-5605 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19254 | |||
Oval ID: | oval:org.mitre.oval:def:19254 | ||
Title: | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | ||
Description: | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1739 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19393 | |||
Oval ID: | oval:org.mitre.oval:def:19393 | ||
Title: | CERT_VerifyCert can SECSuccess for bad certificates | ||
Description: | The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5606 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19523 | |||
Oval ID: | oval:org.mitre.oval:def:19523 | ||
Title: | DSA-2790-1 nss - uninitialised memory read | ||
Description: | A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialised data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2790-1 CVE-2013-1739 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19530 | |||
Oval ID: | oval:org.mitre.oval:def:19530 | ||
Title: | Integer truncation in certificate parsing | ||
Description: | Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1741 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19731 | |||
Oval ID: | oval:org.mitre.oval:def:19731 | ||
Title: | Null Cipher buffer overflow | ||
Description: | Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-5605 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19770 | |||
Oval ID: | oval:org.mitre.oval:def:19770 | ||
Title: | USN-2030-1 -- nss vulnerabilities | ||
Description: | Several security issues were fixed in NSS. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-2030-1 CVE-2013-1739 CVE-2013-1741 CVE-2013-5605 CVE-2013-5606 | Version: | 5 |
Platform(s): | Ubuntu 13.10 Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | nss |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-21 | IAVM : 2013-A-0220 - Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042380 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0066.nasl - Type : ACT_GATHER_INFO |
2016-06-22 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0065.nasl - Type : ACT_GATHER_INFO |
2015-04-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201504-01.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-23.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0023.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0015.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2014-0014.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1840.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1841.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0041.nasl - Type : ACT_GATHER_INFO |
2014-10-31 | Name : The remote host is affected by multiple vulnerabilities. File : oracle_opensso_agent_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO |
2014-08-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2994.nasl - Type : ACT_GATHER_INFO |
2014-07-31 | Name : The remote host is running software with multiple vulnerabilities. File : oracle_traffic_director_july_2014_cpu.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : sun_java_web_server_7_0_20.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : A web proxy server on the remote host is affected by multiple vulnerabilities. File : iplanet_web_proxy_4_0_24.nasl - Type : ACT_GATHER_INFO |
2014-07-18 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO |
2014-06-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-19.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-878.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-749.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-266.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-265.nasl - Type : ACT_GATHER_INFO |
2013-12-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23479.nasl - Type : ACT_GATHER_INFO |
2013-12-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-23301.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-22756.nasl - Type : ACT_GATHER_INFO |
2013-12-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131212_nss__nspr__and_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1829.nasl - Type : ACT_GATHER_INFO |
2013-12-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20131205_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1791.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_nss-201311-131121.nasl - Type : ACT_GATHER_INFO |
2013-11-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2800.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_17011_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_11_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_1_1.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2032-1.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-270.nasl - Type : ACT_GATHER_INFO |
2013-11-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2031-1.nasl - Type : ACT_GATHER_INFO |
2013-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2030-1.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_17011_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_11_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_1_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_25_0_1.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2221.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_2501.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131109.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131108.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nss-201310-131029.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nss-201310-131030.nasl - Type : ACT_GATHER_INFO |
2013-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201310-131101.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2790.nasl - Type : ACT_GATHER_INFO |
2013-11-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2010-1.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_10_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24_1.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_17010_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_222.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_25.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_81f866ad41a411e3a4af0025905a4771.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24_1_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_25.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_10_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_1.nasl - Type : ACT_GATHER_INFO |
2013-10-31 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_17010_esr.nasl - Type : ACT_GATHER_INFO |
2013-10-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2009-1.nasl - Type : ACT_GATHER_INFO |
2013-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-257.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-01-22 09:26:50 |
|
2014-02-17 12:02:46 |
|
2013-11-19 13:34:58 |
|
2013-11-19 00:18:55 |
|