Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200610-06] Mozilla Network Security Service (NSS): RSA signature forgery Vulnerability Scan

Vulnerability Scan Summary
Mozilla Network Security Service (NSS): RSA signature forgery

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200610-06
(Mozilla Network Security Service (NSS): RSA signature forgery)

Daniel Bleichenbacher discovered that it might be possible to forge
signatures signed by RSA keys with the exponent of 3. This affects a
number of RSA signature implementations, including Mozilla's NSS.


Since several Certificate Authorities (CAs) are using an exponent of 3
it might be possible for a possible hacker to create a key with a false CA
signature. This impacts any software using the NSS library, like the
Mozilla products Firefox, Thunderbird and Seamonkey.


There is no known workaround at this time.


All NSS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3"
Note: As usual after updating a library, you should run
'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure
that all applications linked to it are properly rebuilt.

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.