Detections
Analytics

FreeBSD : nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl (aa5bc971-d635-11e0-b3cf-080027ef73ec)

high Nessus Plugin ID 56081

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Heather Adkins, Google's Information Security Manager, reported that Google received

[...] reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). [...]

VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident :

On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. [...] an external security audit concluded that all fraudulently issued certificates were revoked.
Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. [...]

Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they :

revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort.

Three central issues informed our decision :

- Failure to notify. [...]

- The scope of the breach remains unknown. [...]

- The attack is not theoretical.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?baa49230

https://www.mozilla.org/en-US/security/advisories/mfsa2011-34/

http://www.nessus.org/u?5ec99806

http://www.nessus.org/u?6fd84a11

Plugin Details

Severity: High

ID: 56081

File Name: freebsd_pkg_aa5bc971d63511e0b3cf080027ef73ec.nasl

Version: 1.17

Type: local

Published: 9/6/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-firefox, p-cpe:/a:freebsd:freebsd:thunderbird, p-cpe:/a:freebsd:freebsd:seamonkey, p-cpe:/a:freebsd:freebsd:linux-seamonkey, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:ca_root_nss, p-cpe:/a:freebsd:freebsd:nss, p-cpe:/a:freebsd:freebsd:linux-thunderbird, p-cpe:/a:freebsd:freebsd:firefox

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/3/2011

Vulnerability Publication Date: 7/19/2011