Sun Java Application Server SSLv2 Buffer Overflow Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1017143
|
|
SecurityTracker URL: http://securitytracker.com/id?1017143
|
|
CVE Reference: CVE-2006-5654
(Links to External Site)
|
Updated: Jun 3 2008
|
Original Entry Date: Nov 1 2006
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): 7
|
Description: A vulnerability was reported in Sun Java Application Server (Sun ONE). A remote user can cause denial of service conditions.
A remote user can cause the target service to crash due to a buffer overflow vulnerability in the Mozilla Network Security Services
(NSS) in the processing of the SSLv2 protocol.
The Sun Java System Web Server is also affected.
[Editor's note: Sun did not
indicate exactly which upstream NSS vulnerability this alert pertains to.]
|
Impact: A remote user can cause denial of service conditions.
|
Solution: Sun has issued the following fix (7 Update 3), available at:
http://www.sun.com/download/products.xml?id=438cfb75
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1 (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Red Hat Linux), UNIX (Solaris - SunOS), Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 1 Nov 2006 02:41:48 -0500
Subject: A Vulnerability in Network Security Services (NSS) Affects Sun Java System Web Server and Sun ONE Application Server
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1
|
|
