ID de Prueba:	1.3.6.1.4.1.25623.1.0.64597
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:1207
Resumen:	The remote host is missing updates to Netscape Portable Runtime (NSPR);and Network Security Services (NSS) announced in advisory RHSA-2009:1207.;;These updated packages upgrade NSS from the previous version, 3.12.2, to a;prerelease of version 3.12.4. The version of NSPR has also been upgraded;from 4.7.3 to 4.7.4.;;Moxie Marlinspike reported a heap overflow flaw in a regular expression;parser in the NSS library used by browsers such as Mozilla Firefox to match;common names in certificates. A malicious website could present a;carefully-crafted certificate in such a way as to trigger the heap;overflow, leading to a crash or, possibly, arbitrary code execution with;the permissions of the user running the browser. (CVE-2009-2404);;Note: in order to exploit this issue without further user interaction in;Firefox, the carefully-crafted certificate would need to be signed by a;Certificate Authority trusted by Firefox, otherwise Firefox presents the;victim with a warning that the certificate is untrusted. Only if the user;then accepts the certificate will the overflow take place.;;Dan Kaminsky discovered flaws in the way browsers such as Firefox handle;NULL characters in a certificate. If an attacker is able to get a;carefully-crafted certificate signed by a Certificate Authority trusted by;Firefox, the attacker could use the certificate during a man-in-the-middle;attack and potentially confuse Firefox into accepting it by mistake.;(CVE-2009-2408);;Dan Kaminsky found that browsers still accept certificates with MD2 hash;signatures, even though MD2 is no longer considered a cryptographically;strong algorithm. This could make it easier for an attacker to create a;malicious certificate that would be treated as trusted by a browser. NSS;now disables the use of MD2 and MD4 algorithms inside signatures by;default. (CVE-2009-2409);;All users of nspr and nss are advised to upgrade to these updated packages,;which resolve these issues.
Descripción:	Summary: The remote host is missing updates to Netscape Portable Runtime (NSPR) and Network Security Services (NSS) announced in advisory RHSA-2009:1207. These updated packages upgrade NSS from the previous version, 3.12.2, to a prerelease of version 3.12.4. The version of NSPR has also been upgraded from 4.7.3 to 4.7.4. Moxie Marlinspike reported a heap overflow flaw in a regular expression parser in the NSS library used by browsers such as Mozilla Firefox to match common names in certificates. A malicious website could present a carefully-crafted certificate in such a way as to trigger the heap overflow, leading to a crash or, possibly, arbitrary code execution with the permissions of the user running the browser. (CVE-2009-2404) Note: in order to exploit this issue without further user interaction in Firefox, the carefully-crafted certificate would need to be signed by a Certificate Authority trusted by Firefox, otherwise Firefox presents the victim with a warning that the certificate is untrusted. Only if the user then accepts the certificate will the overflow take place. Dan Kaminsky discovered flaws in the way browsers such as Firefox handle NULL characters in a certificate. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by Firefox, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse Firefox into accepting it by mistake. (CVE-2009-2408) Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409) All users of nspr and nss are advised to upgrade to these updated packages, which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2404 1021030 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 1021699 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 273910 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 35891 http://www.securityfocus.com/bid/35891 36088 http://secunia.com/advisories/36088 36102 http://secunia.com/advisories/36102 36125 http://secunia.com/advisories/36125 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 37098 http://secunia.com/advisories/37098 39428 http://secunia.com/advisories/39428 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 DSA-1874 http://www.debian.org/security/2009/dsa-1874 MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 RHSA-2009:1185 http://rhn.redhat.com/errata/RHSA-2009-1185.html RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html SUSE-SA:2009:048 http://www.novell.com/linux/security/advisories/2009_48_firefox.html TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf http://www.mozilla.org/security/announce/2009/mfsa2009-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html https://bugzilla.redhat.com/show_bug.cgi?id=512912 oval:org.mitre.oval:def:11174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174 oval:org.mitre.oval:def:8658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658 Common Vulnerability Exposure (CVE) ID: CVE-2009-2408 1022632 http://www.securitytracker.com/id?1022632 36669 http://secunia.com/advisories/36669 56723 http://osvdb.org/56723 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 MDVSA-2009:217 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 RHSA-2009:1432 http://www.redhat.com/support/errata/RHSA-2009-1432.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html [oss-security] 20090903 More CVE-2009-2408 like issues http://marc.info/?l=oss-security&m=125198917018936&w=2 http://isc.sans.org/diary.html?storyid=7003 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h http://www.wired.com/threatlevel/2009/07/kaminsky/ https://bugzilla.redhat.com/show_bug.cgi?id=510251 oval:org.mitre.oval:def:10751 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 oval:org.mitre.oval:def:8458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 Common Vulnerability Exposure (CVE) ID: CVE-2009-2409 1022631 http://www.securitytracker.com/id?1022631 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 36739 http://secunia.com/advisories/36739 37386 http://secunia.com/advisories/37386 42467 http://secunia.com/advisories/42467 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1888 https://www.debian.org/security/2009/dsa-1888 GLSA-200911-02 http://security.gentoo.org/glsa/glsa-200911-02.xml GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml MDVSA-2009:258 http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://support.apple.com/kb/HT3937 http://www.vmware.com/security/advisories/VMSA-2010-0019.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 oval:org.mitre.oval:def:10763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 oval:org.mitre.oval:def:6631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 oval:org.mitre.oval:def:7155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 oval:org.mitre.oval:def:8594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594
Copyright	Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.