Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] SSL Vulnerability??

from [JV] Network Security [Permanent Link]
Subject: [Full-Disclosure] SSL Vulnerability??
Date: Thu, 26 Aug 2004 16:16:33 -0700 (PDT) 

Here?s an interesting link having to do with a vulnerability found in the 
Netscape NSS library which will impact any ?products making use of the library 
for SSL communication?. Might be possible to remotely compromise any sites 
affected by this issue.

 

This has the potential to be very ugly since any site using SSL is usually 
trying to protect something valuable? banking, health information, etc.. 

 

Some products making use of this library suite are:

Netscape - Enterprise Server (NES) - All known versions

Netscape - Personalization Engine (NPE) - All known versions

Netscape - Directory Server (NDS) - All known versions

Netscape - Certificate Management Server (CMS) - All known versions

Sun  - Sun One/iPlanet - All known versions

Any application or product that integrates the NSS library suite and

which implements SSLv2 ciphers

 

 

Check out this link for more info and vendor supplied patches, etc.
http://xforce.iss.net/xforce/alerts/id/180
 
- Jesse

                
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] SSL Vulnerability??, JV <=
Previous by Date:  Re: Betr.: RE: [Full-Disclosure] Automated ssh scanning, Blue Boar
Next by Date:  Re: [Full-Disclosure] Automated ssh scanning, Henrik Persson
Previous by Thread:  [Full-Disclosure] U.S. National Security Awareness Day (NSAD), Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA
Next by Thread:  [Full-Disclosure] MDKSA-2004:087 - Updated kernel packages fix multiple vulnerabilities, Mandrake Linux Security Team
Indexes:  [Date] [Thread] [Top] [All Lists]