Netscape Network Security Services (NSS) Library SSLv2 Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1011034
SecurityTracker URL: http://securitytracker.com/id/1011034
Updated: Sep 2 2004
Original Entry Date: Aug 23 2004
Execution of arbitrary code via network, Root access via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
A vulnerability was reported in the Netscape Network Security Services (NSS) library. A remote user may be able to execute arbitrary code on the target system.
Internet Security Systems reported that there is a buffer overflow in the processing of Secure Sockets Layer (SSL) version 2 packets. A remote user can trigger the buffer overflow during SSLv2 connection negotiation to execute arbitrary code on the target system.
It is reported that the library does not properly validate the length of a user-supplied record field in the SSLv2 client hello message. Systems using the NSS library with SSLv2 are affected.
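The length validation described above, sketched as an added example (not NSS code and not part of the original advisory): a bounds-checked parser for an SSLv2 CLIENT-HELLO record. The advisory does not say which length field is affected, so this checks all three against the record size and the limits in the SSLv2 specification; the function, struct and constant names are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Return codes and struct names are hypothetical, chosen for this example. */
enum { HELLO_OK = 0, HELLO_TRUNCATED = -1, HELLO_UNSUPPORTED = -2, HELLO_BAD_LENGTH = -3 };
struct v2_hello {                 /* views into the caller's buffer, no copies */
    const uint8_t *ciphers, *session_id, *challenge;
    size_t ciphers_len, session_id_len, challenge_len;
};

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Validate one SSLv2 record carrying a CLIENT-HELLO in buf[0..n). Every
 * length read from the wire is checked against the bytes actually held
 * and against the protocol's limits before any pointer is derived from it. */
int parse_v2_client_hello(const uint8_t *buf, size_t n, struct v2_hello *out)
{
    if (n < 2) return HELLO_TRUNCATED;
    if (!(buf[0] & 0x80)) return HELLO_UNSUPPORTED;   /* 3-byte padded header */
    size_t rec_len = (((size_t)buf[0] & 0x7f) << 8) | buf[1];
    if (rec_len > n - 2 || rec_len < 9) return HELLO_TRUNCATED;
    const uint8_t *msg = buf + 2;   /* type(1) version(2) three lengths(6) */
    if (msg[0] != 1) return HELLO_UNSUPPORTED;        /* not CLIENT-HELLO */
    size_t cs = be16(msg + 3), sid = be16(msg + 5), ch = be16(msg + 7);
    if (cs == 0 || cs % 3 != 0) return HELLO_BAD_LENGTH;  /* 3-byte specs */
    if (sid != 0 && sid != 16) return HELLO_BAD_LENGTH;   /* 0 or 16 only */
    if (ch < 16 || ch > 32) return HELLO_BAD_LENGTH;      /* 16..32 bytes */
    if (cs + sid + ch != rec_len - 9) return HELLO_BAD_LENGTH; /* exact fit */
    out->ciphers = msg + 9;              out->ciphers_len = cs;
    out->session_id = msg + 9 + cs;      out->session_id_len = sid;
    out->challenge = msg + 9 + cs + sid; out->challenge_len = ch;
    return HELLO_OK;
}

/* Constructed sample: one cipher spec, no session ID, 16-byte challenge. */
static const uint8_t sample_hello[30] = {
    0x80, 0x1c,                         /* record header: length 28 */
    0x01, 0x00, 0x02,                   /* CLIENT-HELLO, version 0x0002 */
    0x00, 0x03, 0x00, 0x00, 0x00, 0x10, /* cipher, session-id, challenge lengths */
    0x01, 0x00, 0x80,                   /* one 3-byte cipher spec */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15  /* challenge */
};

int main(void)
{
    struct v2_hello h;
    return parse_v2_client_hello(sample_hello, sizeof sample_hello, &h) == HELLO_OK ? 0 : 1;
}
```

The parser only hands out pointers after the three declared lengths have been shown to fill the record exactly, so a consumer copying `challenge_len` bytes into a 32-byte buffer cannot be driven past it by the peer.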
The NSS library is used by several Netscape products, including the Enterprise Server (NES), Personalization Engine (NPE), Directory Server (NDS), and Certificate Management Server (CMS). Sun One/iPlanet is also affected.
According to the report, SSLv2 is disabled by default on Netscape Enterprise Server and Sun One.
Mark Dowd of ISS X-Force is credited with discovering this flaw.
The original advisory is available at:
A remote user may be able to execute arbitrary code on the target system with the privileges of the target web server.
Mozilla has issued a fix for NSS, available at:
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Subject: ISS Protection Brief: Netscape NSS Library Remote Compromise
Internet Security Systems Protection Brief
August 23, 2004
Protection for Netscape NSS Library Remote Compromise
A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products
making use of this library for Secure Sockets Layer (SSL) communication. Netscape Enterprise Server and Sun One are widely used commercial
web server platforms which make use of the NSS library. There is a security flaw in the NSS library that can result in arbitrary
code execution on vulnerable systems during SSLv2 connection negotiation.
If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition
and execute arbitrary code. This has the potential to result in complete compromise of the target server, and exposure of any information
held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for
ISS Protection Strategy:
ISS has provided preemptive protection for these vulnerabilities. We recommend that all customers apply applicable ISS product updates.
These updates are now available from the ISS Download Center at:
For the complete X-Force Protection Advisory, please visit: