Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:1220-1)
Summary:The remote host is missing an update for the 'mozilla-nss' package(s) announced via the SUSE-SU-2014:1220-1 advisory.
The remote host is missing an update for the 'mozilla-nss' package(s) announced via the SUSE-SU-2014:1220-1 advisory.

Vulnerability Insight:
Mozilla NSS was updated to version 3.16.5 to fix a RSA certificate forgery issue.

MFSA 2014-73 / CVE-2014-1568: Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates.

The Advanced Threat Research team at Intel Security also independently discovered and reported this issue.

Security Issues:

* CVE-2014-1568

Affected Software/OS:
'mozilla-nss' package(s) on SUSE Linux Enterprise Software Development Kit 11 SP3, SUSE Linux Enterprise Server 11 SP3, SUSE Linux Enterprise Desktop 11 SP3

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1568
BugTraq ID: 70116
CERT/CC vulnerability note: VU#772676
Debian Security Information: DSA-3033 (Google Search)
Debian Security Information: DSA-3034 (Google Search)
Debian Security Information: DSA-3037 (Google Search)
RedHat Security Advisories: RHSA-2014:1307
RedHat Security Advisories: RHSA-2014:1354
RedHat Security Advisories: RHSA-2014:1371
SuSE Security Announcement: SUSE-SU-2014:1220 (Google Search)
SuSE Security Announcement: openSUSE-SU-2014:1224 (Google Search)
SuSE Security Announcement: openSUSE-SU-2014:1232 (Google Search)
XForce ISS Database: mozilla-nss-cve20141568-sec-bypass(96194)
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.