Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-7575

Опубликовано: 09 янв. 2016
Источник: debian
EPSS Низкий

Описание

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
iceweaselfixed43.0.2-1package
iceweaselend-of-lifesqueezepackage
icedovefixed38.6.0-1package
icedoveend-of-lifesqueezepackage
nssfixed2:3.21-1package
nssnot-affectedsqueezepackage
nssnot-affectedwheezypackage
opensslfixed1.0.1f-1package
opensslnot-affectedsqueezepackage
openjdk-8fixed7u95-2.6.4-1package
openjdk-7fixed7u95-2.6.4-1package
openjdk-6removedpackage
gnutls28fixed3.3.15-1package
gnutls28fixed3.3.8-6+deb8u3jessiepackage
gnutls26removedpackage
gnutls26not-affectedsqueezepackage

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/

  • Patch in SuSE Bugzilla: https://bugzilla.suse.com/attachment.cgi?id=660286

  • NSS upstream fix is actually in 3.20.2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes

  • NSS patch: https://hg.mozilla.org/projects/nss/raw-rev/891676aa0d85

  • OpenSSL fix: https://git.openssl.org/?p=openssl.git;a=commit;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a

  • http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef

  • http://gnutls.org/security.html#GNUTLS-SA-2015-2

  • http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html

  • https://gitlab.com/gnutls/gnutls/commit/7d9d5c61f8445dc9e9ca47bb575c77cef17da17a

  • https://gitlab.com/gnutls/gnutls/commit/0e3fc7881d37246fc2d51dc404cad95b205c0e1e

  • https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182

  • https://www.openwall.com/lists/oss-security/2015/05/05/8

  • http://www.mitls.org/pages/attacks/SLOTH

EPSS

Процентиль: 83%
0.02005
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-7575

CVSS3: 5.9
ubuntu
больше 9 лет назад

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

redhat логотип

CVE-2015-7575

redhat
больше 9 лет назад

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

nvd логотип

CVE-2015-7575

CVSS3: 5.9
nvd
больше 9 лет назад

Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.

suse-cvrf логотип

openSUSE-SU-2016:0605-1

suse-cvrf
больше 9 лет назад

Security update for bouncycastle

suse-cvrf логотип

openSUSE-SU-2016:0162-1

suse-cvrf
больше 9 лет назад

Security update for mbedtls

EPSS

Процентиль: 83%
0.02005
Низкий