Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703034
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3034-1 (iceweasel - security update)
Summary:Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS;(the Mozilla Network Security Service library, embedded in Wheezy's;Iceweasel package), was parsing ASN.1 data used in signatures, making it;vulnerable to a signature forgery attack.;;An attacker could craft ASN.1 data to forge RSA certificates with a;valid certification chain to a trusted CA.
Description:Summary:
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS
(the Mozilla Network Security Service library, embedded in Wheezy's
Iceweasel package), was parsing ASN.1 data used in signatures, making it
vulnerable to a signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a
valid certification chain to a trusted CA.

Affected Software/OS:
iceweasel on Debian Linux

Solution:
For the stable distribution (wheezy), this problem has been fixed in
version 24.8.1esr-1~
deb7u1.

For the testing distribution (jessie) and unstable distribution (sid),
Iceweasel uses the system NSS library, handled in DSA 3033-1.

We recommend that you upgrade your iceweasel packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1568
BugTraq ID: 70116
http://www.securityfocus.com/bid/70116
CERT/CC vulnerability note: VU#772676
http://www.kb.cert.org/vuls/id/772676
Debian Security Information: DSA-3033 (Google Search)
http://www.debian.org/security/2014/dsa-3033
Debian Security Information: DSA-3034 (Google Search)
http://www.debian.org/security/2014/dsa-3034
Debian Security Information: DSA-3037 (Google Search)
http://www.debian.org/security/2014/dsa-3037
https://security.gentoo.org/glsa/201504-01
RedHat Security Advisories: RHSA-2014:1307
http://rhn.redhat.com/errata/RHSA-2014-1307.html
RedHat Security Advisories: RHSA-2014:1354
http://rhn.redhat.com/errata/RHSA-2014-1354.html
RedHat Security Advisories: RHSA-2014:1371
http://rhn.redhat.com/errata/RHSA-2014-1371.html
http://secunia.com/advisories/61540
http://secunia.com/advisories/61574
http://secunia.com/advisories/61575
http://secunia.com/advisories/61576
http://secunia.com/advisories/61583
SuSE Security Announcement: SUSE-SU-2014:1220 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
SuSE Security Announcement: openSUSE-SU-2014:1224 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
SuSE Security Announcement: openSUSE-SU-2014:1232 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
http://www.ubuntu.com/usn/USN-2360-1
http://www.ubuntu.com/usn/USN-2360-2
http://www.ubuntu.com/usn/USN-2361-1
XForce ISS Database: mozilla-nss-cve20141568-sec-bypass(96194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
CopyrightCopyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.