|
|
Family: Fedora Local Security Checks --> Category: infos
Fedora Core 5 2006-979: nss Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the nss package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2006-979 (nss).
Network Security Services (NSS) is a set of libraries designed to
support cross-platform development of security-enabled client and
server applications. Applications built with NSS can support SSL v2
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509
v3 certificates, and other security standards.
Update Information:
Network Security Services (NSS) is a set of libraries
designed to support cross-platform development of
security-enabled client and server applications.
Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3
certificates, and other security standards.
Daniel Bleichenbacher recently described an implementation
error in RSA signature verification. For RSA keys with
exponent 3 it is possible for a possible hacker to forge a
signature that which would be incorrectly verified by the
NSS library. (CVE-2006-4340)
All users of NSS, which includes users of Firefox,
Thunderbird, Seamonkey, and other mozilla.org products, are
recommended to update to this package, which contains NSS
version 3.11.3 which is not vulnerable to this issue.
Solution : Get the newest Fedora Updates
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
