[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] ISS Protection Brief: Netscape NSS Library Remote Compromise



-----BEGIN PGP SIGNED MESSAGE-----


Internet Security Systems Protection Brief
August 23, 2004

Protection for Netscape NSS Library Remote Compromise

Summary:

A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products making use of this library for Secure Sockets Layer (SSL) communication. Netscape Enterprise Server and Sun One are widely used commercial web server platforms which make use of the NSS library. There is a security flaw in the NSS library that can result in arbitrary code execution on vulnerable systems during SSLv2 connection negotiation. 

Business Impact:

If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code. This has the potential to result in complete compromise of the target server, and exposure of any information held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers.

ISS Protection Strategy:

ISS has provided preemptive protection for these vulnerabilities.  We recommend that all customers apply applicable ISS product updates. 

These updates are now available from the ISS Download Center at:
http://www.iss.net/download.

For the complete X-Force Protection Advisory, please visit:
http://xforce/iss.net/alerts/id/180




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBQSo6WzRfJiV99eG9AQFpHAQAvbla7GbbpxWGyFewU/arRMh0ifwWnrdq
RtUeKW40hCeyiyG9Nwky1zdP+FoCn68wl15NnLrP5Efff7P9D6/sJcJu7BBW9GD4
6t9PCMwTFZwPRlS5IBbw9RtpfN1Rnk34zUpQTUYU4ZAfMo8SMTilXeIN/1MMqEqw
fvCLiupn5c8=
=mF29
-----END PGP SIGNATURE-----
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.