Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703037
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3037-1 (icedove - security update)
Summary:Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the;Mozilla Network Security Service library, embedded in Wheezy's Icedove),;was parsing ASN.1 data used in signatures, making it vulnerable to a;signature forgery attack.;;An attacker could craft ASN.1 data to forge RSA certificates with a valid;certification chain to a trusted CA.
Description:Summary:
Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the
Mozilla Network Security Service library, embedded in Wheezy's Icedove),
was parsing ASN.1 data used in signatures, making it vulnerable to a
signature forgery attack.

An attacker could craft ASN.1 data to forge RSA certificates with a valid
certification chain to a trusted CA.

Affected Software/OS:
icedove on Debian Linux

Solution:
For the stable distribution (wheezy), this problem has been fixed in
version 24.8.1-1~
deb7u1.

For the testing distribution (jessie) and unstable distribution (sid),
Icedove uses the system NSS library, handled in DSA 3033-1.

We recommend that you upgrade your icedove packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1568
BugTraq ID: 70116
http://www.securityfocus.com/bid/70116
CERT/CC vulnerability note: VU#772676
http://www.kb.cert.org/vuls/id/772676
Debian Security Information: DSA-3033 (Google Search)
http://www.debian.org/security/2014/dsa-3033
Debian Security Information: DSA-3034 (Google Search)
http://www.debian.org/security/2014/dsa-3034
Debian Security Information: DSA-3037 (Google Search)
http://www.debian.org/security/2014/dsa-3037
https://security.gentoo.org/glsa/201504-01
RedHat Security Advisories: RHSA-2014:1307
http://rhn.redhat.com/errata/RHSA-2014-1307.html
RedHat Security Advisories: RHSA-2014:1354
http://rhn.redhat.com/errata/RHSA-2014-1354.html
RedHat Security Advisories: RHSA-2014:1371
http://rhn.redhat.com/errata/RHSA-2014-1371.html
http://secunia.com/advisories/61540
http://secunia.com/advisories/61574
http://secunia.com/advisories/61575
http://secunia.com/advisories/61576
http://secunia.com/advisories/61583
SuSE Security Announcement: SUSE-SU-2014:1220 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00032.html
SuSE Security Announcement: openSUSE-SU-2014:1224 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00036.html
SuSE Security Announcement: openSUSE-SU-2014:1232 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00039.html
http://www.ubuntu.com/usn/USN-2360-1
http://www.ubuntu.com/usn/USN-2360-2
http://www.ubuntu.com/usn/USN-2361-1
XForce ISS Database: mozilla-nss-cve20141568-sec-bypass(96194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96194
CopyrightCopyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.