Detections
Analytics
Scientific Linux Security Update : nss and nss-util on SL6.x, SL7.x i386/x86_64 (20170420)
critical Nessus Plugin ID 99577
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.The following packages have been upgraded to a newer upstream version:
nss (3.28.4), nss-util (3.28.4).
Security Fix(es) :
- An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)
Solution
Update the affected packages.See Also
Plugin Details
Severity: Critical
ID: 99577
File Name: sl_20170420_nss_and_nss_util_on_SL6_x.nasl
Version: 3.6
Type: local
Agent: unix
Published: 4/21/2017
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:nss, p-cpe:/a:fermilab:scientific_linux:nss-debuginfo, p-cpe:/a:fermilab:scientific_linux:nss-devel, p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel, p-cpe:/a:fermilab:scientific_linux:nss-sysinit, p-cpe:/a:fermilab:scientific_linux:nss-tools, p-cpe:/a:fermilab:scientific_linux:nss-util, p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo, p-cpe:/a:fermilab:scientific_linux:nss-util-devel, x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 4/20/2017
Vulnerability Publication Date: 5/11/2017
Reference Information
CVE: CVE-2017-5461