[ISSForum] ISS Protection Brief: Netscape NSS Library Remote Compromise

Subject: [ISSForum] ISS Protection Brief: Netscape NSS Library Remote Compromise
Date: Mon, 23 Aug 2004 14:42:43 -0400 (EDT)
Internet Security Systems Protection Brief
August 23, 2004

Protection for Netscape NSS Library Remote Compromise

Summary:

A vulnerability exists in the Netscape Network Security Services (NSS) library 
suite which may result in remote compromise of products making use of this 
library for Secure Sockets Layer (SSL) communication. Netscape Enterprise 
Server and Sun One are widely used commercial web server platforms which make 
use of the NSS library. There is a security flaw in the NSS library that can 
result in arbitrary code execution on vulnerable systems during SSLv2 
connection negotiation. 

Business Impact:

If the SSLv2 protocol is enabled on vulnerable servers, a remote 
unauthenticated attacker may trigger a buffer overflow condition and execute 
arbitrary code. This has the potential to result in complete compromise of the 
target server, and exposure of any information held therein. In addition, SSL 
is often used to secure sensitive or valuable communications, making this a 
high-value target for attackers.

ISS Protection Strategy:

ISS has provided preemptive protection for these vulnerabilities.  We recommend 
that all customers apply applicable ISS product updates. 

These updates are now available from the ISS Download Center at:
http://www.iss.net/download.

For the complete X-Force Protection Advisory, please visit:
http://xforce/iss.net/alerts/id/180




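Because the brief ties exposure to SSLv2 being enabled, the following added example (not part of the ISS brief or any ISS product) classifies the first bytes a client sends to an SSL port, so captured traffic can be checked for SSLv2-format negotiation. The function names, result labels and sample messages are constructed for illustration; the field layout follows the published SSLv2 ClientHello format.

```python
import struct

def classify_client_hello(data: bytes) -> str:
    """Label the first bytes a client sent to an SSL/TLS listener."""
    if len(data) < 3:
        return "too-short"
    # SSLv3/TLS record layer: content type 0x16 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        return "sslv3-tls-record"
    # SSLv2 two-byte record header: high bit set, 15-bit record length.
    if not data[0] & 0x80:
        return "unknown"
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:]
    if len(body) < 9 or body[0] != 0x01:      # 0x01 = CLIENT-HELLO
        return "unknown"
    version, cs_len, sid_len, ch_len = struct.unpack(">HHHH", body[1:9])
    # Length fields must add up to the record length and stay within the
    # ranges the SSLv2 specification allows; anything else deserves a look.
    consistent = (
        rec_len == 9 + cs_len + sid_len + ch_len
        and cs_len > 0 and cs_len % 3 == 0    # cipher specs are 3 bytes each
        and sid_len in (0, 16)
        and 16 <= ch_len <= 32
    )
    if not consistent:
        return "sslv2-hello-bad-lengths"
    # Version 0x0002 is a pure SSLv2 offer; 0x03xx is an SSLv2-format
    # hello that offers SSLv3/TLS for backward compatibility.
    return "sslv2-hello" if version == 0x0002 else "sslv2-compat-hello"

def build_v2_hello(version: int, cipher_specs: bytes, challenge: bytes,
                   session_id: bytes = b"") -> bytes:
    """Build a constructed SSLv2-format ClientHello used only as sample input."""
    body = (b"\x01" + struct.pack(">HHHH", version, len(cipher_specs),
                                  len(session_id), len(challenge))
            + cipher_specs + session_id + challenge)
    return struct.pack(">H", 0x8000 | len(body)) + body

# Constructed samples (not captured traffic).
SAMPLES = {
    "pure v2": build_v2_hello(0x0002, b"\x01\x00\x80", bytes(16)),
    "v2-compat": build_v2_hello(0x0301, b"\x00\x00\x05", bytes(16)),
    "tls record": b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00",
    "short challenge": build_v2_hello(0x0002, b"\x01\x00\x80", bytes(8)),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:16s} {classify_client_hello(raw)}")
```

A server that still completes a handshake after a "sslv2-hello" has SSLv2 enabled and falls within the condition the brief describes.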