Detections
Analytics
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20151104)
critical Nessus Plugin ID 86751
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library. (CVE-2015-7181, CVE-2015-7182)A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library. (CVE-2015-7183)
Solution
Update the affected packages.See Also
Plugin Details
Severity: Critical
ID: 86751
File Name: sl_20151104_nss_and_nspr_on_SL5_x.nasl
Version: 2.12
Type: local
Agent: unix
Published: 11/5/2015
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:nspr-devel, p-cpe:/a:fermilab:scientific_linux:nspr, x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:nspr-debuginfo, p-cpe:/a:fermilab:scientific_linux:nss-devel, p-cpe:/a:fermilab:scientific_linux:nss, p-cpe:/a:fermilab:scientific_linux:nss-debuginfo, p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel, p-cpe:/a:fermilab:scientific_linux:nss-tools
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 11/4/2015
Vulnerability Publication Date: 11/5/2015