Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2017.971
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-971-1)
Summary:	The remote host is missing an update for the Debian 'nss' package(s) announced via the DLA-971-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'nss' package(s) announced via the DLA-971-1 advisory. Vulnerability Insight: CVE-2017-7502 A null pointer dereference vulnerability in NSS was found when server receives empty SSLv2 messages. This issue was introduced with the recent removal of SSLv2 protocol from upstream code in 3.24.0 and introduction of dedicated parser able to handle just sslv2-style hello messages. For Debian 7 Wheezy, this problem has been fixed in version 2:3.26-1+debu7u4. We recommend that you upgrade your nss packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'nss' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7502 1038579 http://www.securitytracker.com/id/1038579 98744 http://www.securityfocus.com/bid/98744 DSA-3872 http://www.debian.org/security/2017/dsa-3872 RHSA-2017:1364 https://access.redhat.com/errata/RHSA-2017:1364 RHSA-2017:1365 https://access.redhat.com/errata/RHSA-2017:1365 RHSA-2017:1567 https://access.redhat.com/errata/RHSA-2017:1567 RHSA-2017:1712 https://access.redhat.com/errata/RHSA-2017:1712 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.