CVE-2015-2721

Novell Suse Linux Enterprise Software... - Cryptographic Issue

Title source: rule
STIX 2.1

Description

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue.

References (29)

Core 29
Core References
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/83398
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201512-10
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-46
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75541
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1185.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032784
Exploit, Issue Tracking, VDB Entry, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1086145
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
Third Party Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91787
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1664.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2656-1
Technical Description x_refsource_misc
https://smacktls.com
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032783
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2656-2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3336
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3324
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2672-1
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2673-1

Scores

EPSS 0.0051
EPSS Percentile 66.7%

Details

CWE
CWE-310
Status published
Products (13)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
canonical/ubuntu_linux 15.04
debian/debian_linux 7.0
debian/debian_linux 8.0
mozilla/network_security_services 3.19
novell/suse_linux_enterprise_desktop 12.0
novell/suse_linux_enterprise_server 11 sp4
novell/suse_linux_enterprise_server 12.0
... and 3 more
Published Jul 06, 2015
Tracked Since Feb 18, 2026