Security: Insufficient certificate verification in mod_nss
Name: Insufficient certificate verification in mod_nss
ID: FEDORA-2013-22730
Distribution: Fedora
Platforms: Fedora 20
Date: Sat, 14 December 2013, 10:31
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4566
Applications: mod_nss


Name : mod_nss
Product : Fedora 20
Version : 1.0.8
Release : 28.fc20
URL : http://directory.fedoraproject.org/wiki/Mod_nss
Summary : SSL/TLS module for the Apache HTTP server
Description :
The mod_nss module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols using the Network Security Services (NSS)
security library.

Update Information:

A flaw was found in the way NSSVerifyClient was handled when used in both the server / vhost context and the directory context (specified via either a <Directory> or a <Location> directive). If 'NSSVerifyClient none' was set in the server / vhost context (i.e. when the server is configured not to request or require client certificate authentication on the initial connection), and client certificate authentication was expected to be required for a specific directory via the 'NSSVerifyClient require' setting, mod_nss failed to properly require the expected certificate authentication. A remote attacker able to connect to a web server using such a mod_nss configuration, and without a valid client certificate, could possibly use this flaw to access the content of the restricted directories.
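To find configurations that depend on the per-directory behaviour described above, the following added example (not part of the advisory and not mod_nss project code) scans Apache configuration text for an 'NSSVerifyClient require' inside a <Directory> or <Location> section whose enclosing server / vhost context is 'none'. The function name, the sample configuration, and the treatment of an unset server-level value as 'none' are assumptions of this example.

```python
import re

OPEN = re.compile(r"^<\s*(\w+)\b[^>]*>$")
CLOSE = re.compile(r"^</\s*\w+\s*>$")
PER_DIR = {"directory", "directorymatch", "location", "locationmatch"}

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
<VirtualHost *:443>
    NSSVerifyClient none
    <Directory "/var/www/html/private">
        NSSVerifyClient require
    </Directory>
</VirtualHost>
<VirtualHost *:8443>
    NSSVerifyClient require
    <Location /admin>
        NSSVerifyClient require
    </Location>
</VirtualHost>
"""

def find_affected(conf_text):
    """Return (line_no, section, context) for per-directory 'require' under 'none'."""
    stack, server_mode, requires = [], {}, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            del stack[-1:]  # pop the innermost section; tolerate stray closers
            continue
        m = OPEN.match(line)
        if m:
            stack.append((m.group(1).lower(), f"{line} (line {no})"))
            continue
        parts = line.split()
        if parts[0].lower() != "nssverifyclient" or len(parts) < 2:
            continue
        vhosts = [lbl for name, lbl in stack if name == "virtualhost"]
        context = vhosts[-1] if vhosts else "<global>"
        dirs = [lbl for name, lbl in stack if name in PER_DIR]
        if dirs and parts[1].lower() == "require":
            requires.append((no, dirs[-1], context))
        elif not dirs:
            server_mode[context] = parts[1].lower()
    # Assumption: an unset vhost inherits the global value; unset means 'none'.
    glob = server_mode.get("<global>", "none")
    return [r for r in requires if server_mode.get(r[2], glob) == "none"]
```

Each returned tuple names a section that relies on per-directory client certificate enforcement, so those hosts are the ones to prioritise for this update.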

* Tue Dec 3 2013 Rob Crittenden <rcritten@redhat.com> - 1.0.8-28
- Resolves: CVE-2013-4566, bz #1036940
- [mod_nss-nssverifyclient.patch]
- Bugzilla Bug #1037722 - CVE-2013-4566 mod_nss: incorrect handling of
NSSVerifyClient in directory context [fedora-all] (rcritten)
- Bugzilla Bug #1037761 - mod_nss does not respect `NSSVerifyClient` in
Directory (rcritten)
- [mod_nss-usecases.patch]
- Bugzilla Bug #1036940 - [DOC] making mod_nss work in FIPS mode (mharmsen)

[ 1 ] Bug #1016832 - CVE-2013-4566 mod_nss: incorrect handling of
NSSVerifyClient in directory context

This update can be installed with the "yum" update program. Use
su -c 'yum update mod_nss' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list