|Category:||Red Hat Local Security Checks|
|Title:||RedHat Security Advisory RHSA-2010:0862|
The remote host is missing updates announced in
Network Security Services (NSS) is a set of libraries designed to support
the development of security-enabled client and server applications.
A flaw was found in the way NSS matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. NSS incorrectly accepted connections to IP addresses that fell
within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
All NSS users should upgrade to these updated packages, which provide NSS
version 3.12.8 to resolve this issue. After installing the update,
applications using NSS must be restarted for the changes to take effect.
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
Risk factor : Medium
Common Vulnerability Exposure (CVE) ID: CVE-2010-3170|
Debian Security Information: DSA-2123 (Google Search)
SuSE Security Announcement: SUSE-SR:2010:020 (Google Search)
|Copyright||Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.