Test ID:	1.3.6.1.4.1.25623.1.0.63624
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-740-1)
Summary:	The remote host is missing an update for the 'firefox, nss' package(s) announced via the USN-740-1 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox, nss' package(s) announced via the USN-740-1 advisory. Vulnerability Insight: The MD5 algorithm is known not to be collision resistant. This update blocklists the proof of concept rogue certificate authority as discussed in [link moved to references]. Affected Software/OS: 'firefox, nss' package(s) on Ubuntu 6.06, Ubuntu 7.10, Ubuntu 8.04, Ubuntu 8.10. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-2761 BugTraq ID: 33065 http://www.securityfocus.com/bid/33065 Bugtraq: 20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate (Google Search) http://www.securityfocus.com/archive/1/499685/100/0/threaded CERT/CC vulnerability note: VU#836068 http://www.kb.cert.org/vuls/id/836068 Cisco Security Advisory: 20090115 MD5 Hashes May Allow for Certificate Spoofing http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/ http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx http://www.doxpara.com/research/md5/md5_someday.pdf http://www.microsoft.com/technet/security/advisory/961509.mspx http://www.phreedom.org/research/rogue-ca/ http://www.win.tue.nl/hashclash/SoftIntCodeSign/ http://www.win.tue.nl/hashclash/rogue-ca/ https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 RedHat Security Advisories: RHSA-2010:0837 https://rhn.redhat.com/errata/RHSA-2010-0837.html RedHat Security Advisories: RHSA-2010:0838 https://rhn.redhat.com/errata/RHSA-2010-0838.html http://securitytracker.com/id?1024697 http://secunia.com/advisories/33826 http://secunia.com/advisories/34281 http://secunia.com/advisories/42181 http://securityreason.com/securityalert/4866 http://www.ubuntu.com/usn/usn-740-1
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.