[ISSForum] ISS Protection Brief: Netscape NSS Library Remote Compromise
Internet Security Systems Protection Brief
August 23, 2004
Protection for Netscape NSS Library Remote Compromise
A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products making use of this library for Secure Sockets Layer (SSL) communication. Netscape Enterprise Server and Sun One are widely used commercial web server platforms which make use of the NSS library. There is a security flaw in the NSS library that can result in arbitrary code execution on vulnerable systems during SSLv2 connection negotiation.
If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code. This has the potential to result in complete compromise of the target server, and exposure of any information held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers.
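For defenders checking whether SSLv2 negotiation still reaches their servers, the following added example (not part of the ISS brief or any ISS product) classifies the first bytes a client sends on a connection as an SSLv2 CLIENT-HELLO, an SSLv2-format hello offering SSLv3/TLS, or an SSLv3/TLS record. The function names and sample byte strings are constructed for illustration; the header layout assumed is the 2-byte SSLv2 record header followed by the CLIENT-HELLO length fields.

```python
import struct

SSL2_CLIENT_HELLO = 1   # SSLv2 handshake message type
TLS_HANDSHAKE = 0x16    # SSLv3/TLS record content type


def classify_hello(data: bytes) -> str:
    """Return 'sslv2', 'sslv2-compat', 'sslv2-malformed', 'ssl3/tls' or 'other'."""
    if len(data) < 3:
        return "other"
    # SSLv3/TLS record: content type 0x16 followed by major version 3.
    if data[0] == TLS_HANDSHAKE and data[1] == 3:
        return "ssl3/tls"
    # SSLv2 2-byte record header: high bit set, remaining 15 bits are the length.
    if not data[0] & 0x80:
        return "other"
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) < 9 or body[0] != SSL2_CLIENT_HELLO:
        return "other"
    version, cs_len, sid_len, ch_len = struct.unpack(">HHHH", body[1:9])
    # The declared field lengths must account for the whole record.
    consistent = (
        len(body) == rec_len
        and rec_len == 9 + cs_len + sid_len + ch_len
        and cs_len > 0 and cs_len % 3 == 0   # cipher specs are 3 bytes each
        and sid_len in (0, 16)
        and 16 <= ch_len <= 32
    )
    if not consistent:
        return "sslv2-malformed"
    # 0x0002 is SSLv2 itself; 0x03xx is a v2-format hello offering SSLv3/TLS.
    return "sslv2" if version == 0x0002 else "sslv2-compat"


def make_v2_hello(version: int, n_ciphers: int = 3, challenge: int = 16) -> bytes:
    """Build a constructed, well-formed SSLv2 CLIENT-HELLO for testing."""
    body = struct.pack(">BHHHH", SSL2_CLIENT_HELLO, version, 3 * n_ciphers, 0, challenge)
    body += b"\x01\x00\x80" * n_ciphers + b"\xAA" * challenge
    return struct.pack(">H", 0x8000 | len(body)) + body


# Constructed sample flows (first client bytes), keyed by a hypothetical flow label.
SAMPLES = {
    "legacy-client": make_v2_hello(0x0002),
    "compat-client": make_v2_hello(0x0301),
    "modern-client": b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03",
    "plain-http": b"GET / HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for label, first_bytes in SAMPLES.items():
        print(label, classify_hello(first_bytes))
```

Any flow reported as `sslv2`, `sslv2-compat` or `sslv2-malformed` means an SSLv2-format hello reached the listener, which is the cue to confirm SSLv2 is disabled on that server.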
ISS Protection Strategy:
ISS has provided preemptive protection for these vulnerabilities. We recommend that all customers apply applicable ISS product updates.
These updates are now available from the ISS Download Center at:
For the complete X-Force Protection Advisory, please visit: