Amazon Linux AMI : nss, nss-softokn, nss-util, nspr (ALAS-2020-1355)

high Nessus Plugin ID 134681

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The version of nspr installed on the remote host is prior to 4.21.0-1.43. The version of nss installed on the remote host is prior to 3.44.0-7.84. The version of nss-softokn installed on the remote host is prior to 3.44.0-8.44. The version of nss-util installed on the remote host is prior to 3.44.0-4.56. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1355 advisory.

A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745)

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404)

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729)

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update nss' to update your system.
Run 'yum update nss-softokn' to update your system.
Run 'yum update nss-util' to update your system.
Run 'yum update nspr' to update your system.

See Also

https://access.redhat.com/security/cve/CVE-2018-0495

https://access.redhat.com/security/cve/CVE-2018-12404

https://access.redhat.com/security/cve/CVE-2019-11729

https://access.redhat.com/security/cve/CVE-2019-11745

https://alas.aws.amazon.com/ALAS-2020-1355.html

Plugin Details

Severity: High

ID: 134681

File Name: ala_ALAS-2020-1355.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/19/2020

Updated: 12/11/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-11745

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:nspr-devel, p-cpe:/a:amazon:linux:nss-softokn, p-cpe:/a:amazon:linux:nss-util-devel, p-cpe:/a:amazon:linux:nss-util, p-cpe:/a:amazon:linux:nss-devel, p-cpe:/a:amazon:linux:nss-softokn-devel, p-cpe:/a:amazon:linux:nss-softokn-freebl, cpe:/o:amazon:linux, p-cpe:/a:amazon:linux:nss, p-cpe:/a:amazon:linux:nss-softokn-freebl-devel, p-cpe:/a:amazon:linux:nss-sysinit, p-cpe:/a:amazon:linux:nss-pkcs11-devel, p-cpe:/a:amazon:linux:nss-tools, p-cpe:/a:amazon:linux:nss-util-debuginfo, p-cpe:/a:amazon:linux:nspr, p-cpe:/a:amazon:linux:nss-debuginfo, p-cpe:/a:amazon:linux:nspr-debuginfo, p-cpe:/a:amazon:linux:nss-softokn-debuginfo

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2020

Vulnerability Publication Date: 6/13/2018

Reference Information

CVE: CVE-2018-0495, CVE-2018-12404, CVE-2019-11729, CVE-2019-11745

ALAS: 2020-1355