From: X-FORCE
Date: 25.08.2004
Subject: ISS Protection Brief: Netscape NSS Library Remote Compromise

Internet Security Systems Protection Brief
August 23, 2004

Protection for Netscape NSS Library Remote Compromise

Summary:
A vulnerability exists in the Netscape Network Security Services (NSS) library
suite which may result in remote compromise of products making use of this
library for Secure Sockets Layer (SSL) communication. Netscape Enterprise Server
and Sun One are widely used commercial web server platforms which make use of
the NSS library. There is a security flaw in the NSS library that can result in
arbitrary code execution on vulnerable systems during SSLv2 connection
negotiation.

Business Impact:
If the SSLv2 protocol is enabled on vulnerable servers, a remote
unauthenticated attacker may trigger a buffer overflow condition and execute
arbitrary code. This has the potential to result in complete compromise of the
target server, and exposure of any information held therein. In addition, SSL is
often used to secure sensitive or valuable communications, making this a
high-value target for attackers.

ISS Protection Strategy:
ISS has provided preemptive protection for these vulnerabilities. We recommend
that all customers apply applicable ISS product updates.

These updates are now available from the ISS Download Center at:
http://www.iss.net/download.

For the complete X-Force Protection Advisory, please visit:
http://xforce/iss.net/alerts/id/180