SecurityTracker.com
Category:   Application (Security)  >   Netscape
Vendors:   America Online, Inc.
Netscape Network Security Services (NSS) Library SSLv2 Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011034
SecurityTracker URL:  http://securitytracker.com/id/1011034
CVE Reference:   CVE-2004-0826   (Links to External Site)
Updated:  Sep 2 2004
Original Entry Date:  Aug 23 2004
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Netscape Network Security Services (NSS) library. A remote user may be able to execute arbitrary code on the target system.

Internet Security Systems reported that there is a buffer overflow in the processing of Secure Sockets Layer (SSL) version 2 packets. A remote user can trigger the buffer overflow during SSLv2 connection negotiation to execute arbitrary code on the target system.

It is reported that the library does not properly validate the length of a user-supplied record field in the SSLv2 client hello message. Systems using the NSS library with SSLv2 are affected.
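The advisory does not say which client hello field NSS mishandled. As an added example (not NSS code and not from the ISS report), this C parser shows the bounds checks an SSLv2 CLIENT-HELLO body needs before any field is copied into a fixed buffer; the struct, function and sample names are hypothetical, and the field layout and limits follow the SSLv2 specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define V2_CLIENT_HELLO  1
#define V2_SID_LEN       16   /* SSLv2 session id is absent (0) or 16 bytes */
#define V2_MIN_CHALLENGE 16
#define V2_MAX_CHALLENGE 32

struct v2_hello {              /* hypothetical result type for this example */
    uint16_t version;
    size_t   n_ciphers;        /* number of 3-byte cipher specs offered */
    size_t   sid_len, challenge_len;
    uint8_t  sid[V2_SID_LEN];
    uint8_t  challenge[V2_MAX_CHALLENGE];
};

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* rec/rec_len: CLIENT-HELLO record body, i.e. the bytes after the record header.
   Returns 0 on success, -1 when any length field is inconsistent. */
int v2_parse_client_hello(const uint8_t *rec, size_t rec_len, struct v2_hello *out)
{
    if (rec_len < 9 || rec[0] != V2_CLIENT_HELLO) return -1;
    size_t cs = be16(rec + 3), sid = be16(rec + 5), ch = be16(rec + 7);
    /* Bound every peer-supplied length by the protocol limit, which is
       also the size of the fixed buffer it will be copied into. */
    if (cs == 0 || cs % 3 != 0) return -1;
    if (sid != 0 && sid != V2_SID_LEN) return -1;
    if (ch < V2_MIN_CHALLENGE || ch > V2_MAX_CHALLENGE) return -1;
    /* The declared lengths must account for exactly the bytes received
       (each is <= 65535, so the sum cannot wrap a size_t). */
    if (9 + cs + sid + ch != rec_len) return -1;
    memset(out, 0, sizeof *out);
    out->version = (uint16_t)be16(rec + 1);
    out->n_ciphers = cs / 3;
    out->sid_len = sid;
    out->challenge_len = ch;
    memcpy(out->sid, rec + 9 + cs, sid);
    memcpy(out->challenge, rec + 9 + cs + sid, ch);
    return 0;
}

/* Constructed sample (not captured traffic): version 0x0002, one cipher spec, no session id. */
const uint8_t sample_hello[28] = {
    1, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, 0x00, 0x10,  /* type, version, 3 lengths */
    0x01, 0x00, 0x80,                                   /* one cipher spec */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };  /* 16-byte challenge */
int main(void) { struct v2_hello h; return v2_parse_client_hello(sample_hello, sizeof sample_hello, &h); }
```

Requiring the declared lengths to equal the received byte count exactly is a strictness choice made for this example.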

The NSS library is used by several Netscape products, including the Enterprise Server (NES), Personalization Engine (NPE), Directory Server (NDS), and Certificate Management Server (CMS). Sun One/iPlanet is also affected.

According to the report, SSLv2 is disabled by default on Netscape Enterprise Server and Sun One.

Mark Dowd of ISS X-Force is credited with discovering this flaw.

The original advisory is available at:

http://xforce.iss.net/xforce/alerts/id/180

Impact:   A remote user may be able to execute arbitrary code on the target system with the privileges of the target web server.
Solution:   Mozilla has issued a fix for NSS, available at:

ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM

Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 24 2004 (HP Describes Workaround) Netscape Network Security Services (NSS) Library SSLv2 Buffer Overflow Lets Remote Users Execute Arbitrary Code
HP has issued a security bulletin.
Sep 17 2004 (Sun Issues Fix for Java Enterprise System) Netscape Network Security Services (NSS) Library SSLv2 Buffer Overflow Lets Remote Users Execute Arbitrary Code
Sun has issued a fix for the Java Enterprise System.



 Source Message Contents

Subject:  ISS Protection Brief: Netscape NSS Library Remote Compromise


-----BEGIN PGP SIGNED MESSAGE-----


Internet Security Systems Protection Brief
August 23, 2004

Protection for Netscape NSS Library Remote Compromise

Summary:

A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products making use of this library for Secure Sockets Layer (SSL) communication. Netscape Enterprise Server and Sun One are widely used commercial web server platforms which make use of the NSS library. There is a security flaw in the NSS library that can result in arbitrary code execution on vulnerable systems during SSLv2 connection negotiation.

Business Impact:

If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code. This has the potential to result in complete compromise of the target server, and exposure of any information held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers.

ISS Protection Strategy:

ISS has provided preemptive protection for these vulnerabilities.  We recommend that all customers apply applicable ISS product updates.
 

These updates are now available from the ISS Download Center at:
http://www.iss.net/download.

For the complete X-Force Protection Advisory, please visit:
http://xforce/iss.net/alerts/id/180





 
 

