Test ID:	1.3.6.1.4.1.25623.1.0.64842
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:197-2 (nss)
Summary:	The remote host is missing an update to nss;announced via advisory MDVSA-2009:197-2.
Description:	Summary: The remote host is missing an update to nss announced via advisory MDVSA-2009:197-2. Vulnerability Insight: Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update: This update also provides fixed packages for Mandriva Linux 2008.1 and fixes mozilla-thunderbird error messages. Affected: 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2408 1021030 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1 1022632 http://www.securitytracker.com/id?1022632 36088 http://secunia.com/advisories/36088 36125 http://secunia.com/advisories/36125 36139 http://secunia.com/advisories/36139 36157 http://secunia.com/advisories/36157 36434 http://secunia.com/advisories/36434 36669 http://secunia.com/advisories/36669 37098 http://secunia.com/advisories/37098 56723 http://osvdb.org/56723 ADV-2009-2085 http://www.vupen.com/english/advisories/2009/2085 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 DSA-1874 http://www.debian.org/security/2009/dsa-1874 MDVSA-2009:197 http://www.mandriva.com/security/advisories?name=MDVSA-2009:197 MDVSA-2009:216 http://www.mandriva.com/security/advisories?name=MDVSA-2009:216 MDVSA-2009:217 http://www.mandriva.com/security/advisories?name=MDVSA-2009:217 RHSA-2009:1207 http://www.redhat.com/support/errata/RHSA-2009-1207.html RHSA-2009:1432 http://www.redhat.com/support/errata/RHSA-2009-1432.html SUSE-SA:2009:048 http://www.novell.com/linux/security/advisories/2009_48_firefox.html SUSE-SR:2009:018 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html USN-810-1 http://www.ubuntu.com/usn/usn-810-1 USN-810-2 https://usn.ubuntu.com/810-2/ [oss-security] 20090903 More CVE-2009-2408 like issues http://marc.info/?l=oss-security&m=125198917018936&w=2 http://isc.sans.org/diary.html?storyid=7003 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8&r2=1.11&f=h http://www.wired.com/threatlevel/2009/07/kaminsky/ https://bugzilla.redhat.com/show_bug.cgi?id=510251 oval:org.mitre.oval:def:10751 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751 oval:org.mitre.oval:def:8458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458 Common Vulnerability Exposure (CVE) ID: CVE-2009-2409 1022631 http://www.securitytracker.com/id?1022631 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console http://www.securityfocus.com/archive/1/515055/100/0/threaded 36739 http://secunia.com/advisories/36739 37386 http://secunia.com/advisories/37386 42467 http://secunia.com/advisories/42467 ADV-2010-3126 http://www.vupen.com/english/advisories/2010/3126 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1888 https://www.debian.org/security/2009/dsa-1888 GLSA-200911-02 http://security.gentoo.org/glsa/glsa-200911-02.xml GLSA-200912-01 http://security.gentoo.org/glsa/glsa-200912-01.xml MDVSA-2009:258 http://www.mandriva.com/security/advisories?name=MDVSA-2009:258 MDVSA-2010:084 http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 RHSA-2010:0095 https://rhn.redhat.com/errata/RHSA-2010-0095.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://support.apple.com/kb/HT3937 http://www.vmware.com/security/advisories/VMSA-2010-0019.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2409 oval:org.mitre.oval:def:10763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10763 oval:org.mitre.oval:def:6631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6631 oval:org.mitre.oval:def:7155 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7155 oval:org.mitre.oval:def:8594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8594 Common Vulnerability Exposure (CVE) ID: CVE-2009-2404 1021699 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1 273910 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1 35891 http://www.securityfocus.com/bid/35891 36102 http://secunia.com/advisories/36102 39428 http://secunia.com/advisories/39428 RHSA-2009:1185 http://rhn.redhat.com/errata/RHSA-2009-1185.html TA10-103B http://www.us-cert.gov/cas/techalerts/TA10-103B.html http://www.blackhat.com/presentations/bh-usa-09/MARLINSPIKE/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf http://www.mozilla.org/security/announce/2009/mfsa2009-43.html http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html https://bugzilla.redhat.com/show_bug.cgi?id=512912 oval:org.mitre.oval:def:11174 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11174 oval:org.mitre.oval:def:8658 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8658
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.