what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2020-12399

Status Candidate

Overview

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Related Files

Debian Security Advisory 4726-1
Posted Jul 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4726-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2019-17006, CVE-2019-17023, CVE-2020-12399, CVE-2020-12402
SHA-256 | f2cc1d54b85eb308f1b29e2cefa9d4fd5c0cd92ee2f46d7dd967404b92f9ed34
Gentoo Linux Security Advisory 202007-49
Posted Jul 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-49 - NSS has an information disclosure vulnerability when handling DSA keys. Versions less than 3.52.1 are affected.

tags | advisory, info disclosure
systems | linux, gentoo
advisories | CVE-2020-12399
SHA-256 | cd1e140dd4780b1f36cf34cfb5c7d085af67fc3aa3bc50a66b24ae1f364873c9
Ubuntu Security Notice USN-4421-1
Posted Jul 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4421-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, imap
systems | linux, ubuntu
advisories | CVE-2020-12398, CVE-2020-12399, CVE-2020-12406, CVE-2020-12410, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421
SHA-256 | e29ba156301d1adef5ee70accc941815f87182af2911cd015ba0d303ce8a38ff
Debian Security Advisory 4695-1
Posted Jun 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4695-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic keys.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
SHA-256 | b695facb6dd8cc0b879476ce552b9c195948f4bc518c27cb5f63cf8e335ff6e1
Debian Security Advisory 4702-1
Posted Jun 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4702-1 - Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, imap
systems | linux, debian
advisories | CVE-2020-12398, CVE-2020-12399, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
SHA-256 | d513edf1d7468e2dab27753b936d34950fbe909c5cde81e5cccba7e63432acc9
Ubuntu Security Notice USN-4397-2
Posted Jun 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4397-2 - USN-4397-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-12399
SHA-256 | 44583f689b36fe02f0eee010adcf4c31ac19a4cc039ce01115f8af4dacacc025
Ubuntu Security Notice USN-4397-1
Posted Jun 16, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4397-1 - It was discovered that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. Cesar Pereida Garcia discovered that NSS incorrectly handled DSA key generation. A local attacker could possibly use this issue to perform a timing attack and recover DSA keys. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2019-17023, CVE-2020-12399
SHA-256 | 2692888970cbb4e7e7c8fa5692c6beacf2f89b13d531ef62a9431f8e957091d9
Ubuntu Security Notice USN-4383-1
Posted Jun 5, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4383-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the addressbar, or execute arbitrary code. It was discovered that NSS showed timing differences when performing DSA signatures. An attacker could potentially exploit this to obtain private keys using a timing attack. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof
systems | linux, ubuntu
advisories | CVE-2020-12399, CVE-2020-12407, CVE-2020-12408, CVE-2020-12411
SHA-256 | 275aa1dbc98d8c1f1f63c59a5ec99a85629f398784fe354d12af97a619f77497
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close