English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59379
Category:Fedora Local Security Checks
Title:Fedora Core 5 FEDORA-2006-979 (nss)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to nss
announced via advisory FEDORA-2006-979.

Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.

Update Information:

Network Security Services (NSS) is a set of libraries
designed to support cross-platform development of
security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.

Daniel Bleichenbacher recently described an implementation
error in RSA signature verification. For RSA keys with
exponent 3 it is possible for an attacker to forge a
signature that which would be incorrectly verified by the
NSS library. (CVE-2006-4340)

All users of NSS, which includes users of Firefox,
Thunderbird, Seamonkey, and other mozilla.org products, are
recommended to update to this package, which contains NSS
version 3.11.3 which is not vulnerable to this issue.
* Thu Sep 14 2006 Kai Engert - 3.11.3-0.5.fc5
- Enable executable bit on shared libs, also fixes debug info.
- Update to 3.11.3
* Mon Jun 19 2006 Kai Engert - 3.11.1-1.fc5
- Update to 3.11.1
- Include upstream patch to limit curves

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2006-979

Risk factor : Medium

CVSS Score:
4.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4340
1016858
http://securitytracker.com/id?1016858
1016859
http://securitytracker.com/id?1016859
1016860
http://securitytracker.com/id?1016860
102648
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
102781
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
20060915 rPSA-2006-0169-1 firefox thunderbird
http://www.securityfocus.com/archive/1/446140/100/0/threaded
21903
http://secunia.com/advisories/21903
21906
http://secunia.com/advisories/21906
21915
http://secunia.com/advisories/21915
21916
http://secunia.com/advisories/21916
21939
http://secunia.com/advisories/21939
21940
http://secunia.com/advisories/21940
21949
http://secunia.com/advisories/21949
21950
http://secunia.com/advisories/21950
22001
http://secunia.com/advisories/22001
22025
http://secunia.com/advisories/22025
22036
http://secunia.com/advisories/22036
22044
http://secunia.com/advisories/22044
22055
http://secunia.com/advisories/22055
22056
http://secunia.com/advisories/22056
22066
http://secunia.com/advisories/22066
22074
http://secunia.com/advisories/22074
22088
http://secunia.com/advisories/22088
22195
http://secunia.com/advisories/22195
22210
http://secunia.com/advisories/22210
22226
http://secunia.com/advisories/22226
22247
http://secunia.com/advisories/22247
22274
http://secunia.com/advisories/22274
22299
http://secunia.com/advisories/22299
22342
http://secunia.com/advisories/22342
22422
http://secunia.com/advisories/22422
22446
http://secunia.com/advisories/22446
22849
http://secunia.com/advisories/22849
22992
http://secunia.com/advisories/22992
23883
http://secunia.com/advisories/23883
24711
http://secunia.com/advisories/24711
ADV-2006-3617
http://www.vupen.com/english/advisories/2006/3617
ADV-2006-3622
http://www.vupen.com/english/advisories/2006/3622
ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3748
ADV-2006-3899
http://www.vupen.com/english/advisories/2006/3899
ADV-2007-0293
http://www.vupen.com/english/advisories/2007/0293
ADV-2007-1198
http://www.vupen.com/english/advisories/2007/1198
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
DSA-1191
http://www.us.debian.org/security/2006/dsa-1191
DSA-1192
http://www.debian.org/security/2006/dsa-1192
DSA-1210
http://www.debian.org/security/2006/dsa-1210
GLSA-200609-19
http://security.gentoo.org/glsa/glsa-200609-19.xml
GLSA-200610-01
http://security.gentoo.org/glsa/glsa-200610-01.xml
GLSA-200610-06
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
MDKSA-2006:169
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
RHSA-2006:0675
http://www.redhat.com/support/errata/RHSA-2006-0675.html
RHSA-2006:0676
http://www.redhat.com/support/errata/RHSA-2006-0676.html
RHSA-2006:0677
http://www.redhat.com/support/errata/RHSA-2006-0677.html
SSRT061181
SUSE-SA:2006:054
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
SUSE-SA:2006:055
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
TA06-312A
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
USN-350-1
http://www.ubuntu.com/usn/usn-350-1
USN-351-1
http://www.ubuntu.com/usn/usn-351-1
USN-352-1
http://www.ubuntu.com/usn/usn-352-1
USN-354-1
http://www.ubuntu.com/usn/usn-354-1
USN-361-1
http://www.ubuntu.com/usn/usn-361-1
[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
https://issues.rpath.com/browse/RPL-640
mozilla-nss-security-bypass(30098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
oval:org.mitre.oval:def:11007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.