9116 : Netscape Network Security Services (NSS) Library SSLv2 Challenge Overflow
Printer | http://osvdb.org/9116 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
8	1995	over 8 years ago	over 2 years ago	6 times	90%

Timeline

Disclosure Date
2004-08-23

Description

A remote overflow exists in the Network Security Services library. The library fails to validate the length of the "challenge" field during negotiation of the SSLv2 protocol. This library is used by many commercial and open-source products to provide SSL services. Affected applications include the Netscape Enterprise web server, the SunONE web, directory, and mail servers, and a large number of open-source application servers. Successful exploitation of this issue may result in arbitrary code execution with the privileges of the vulnerable service, leading to a lack of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Commercial
OSVDB: Web Related

Solution

The solution to this vulnerability depends on the affected application. In most situations, you can simply replace the NSS library with the latest version from the Mozilla Organization. Version 3.9.2 and newer of the NSS library are not vulnerable to this flaw. In the case of commercial applications, the vendor should be able to provide you with a patched version of the product. It is also possible to correct the flaw by implementing the following workaround(s):

Disable the SSLv2 protocol and all SSLv2 ciphers. The process for accomplishing this task depends on the specific application.

Products

Mozilla Organization	Network Security Services	3.2
		3.2.1
		3.3
		3.3.1
		3.3.2
		3.4
		3.4.1
		3.4.2
		3.5
		3.6
		3.6.1
		3.7.1
		3.7.2
		3.7.3
		3.7.5
		3.7.7
		3.8
		3.9
		3.9.2
		3.2
		3.2.1
		3.3
		3.3.1
		3.3.2
		3.4
		3.4.1
		3.4.2
		3.5
		3.6
		3.6.1
		3.7.1
		3.7.2
		3.7.3
		3.7.5
		3.7.7
		3.8
		3.9
		3.9.2

Sun Microsystems, Inc.	Java Enterprise System	2004Q2
		2004Q2
		2003Q4
		2003Q4

References

Security Tracker: 1011034
Bugtraq ID: 11015
Secunia Advisory ID: 12362 12378 12379 12599
ISS X-Force ID: 16314
CVE ID: 2004-0826 (see also: NVD)
SCIP VulDB ID: 803
Keyword: Certificate Management Server CMS Directory Server Enterprise Server iPlanet NDS NES Netscape NPE Personalization Engine Sun One
Vendor Specific Solution URL: http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM
Generic Exploit URL: http://immunitysec.com
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-1-5092336-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57632-1&searchclause=security
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1
Vendor URL: http://www.mozilla.org/projects/security/pki/nss/
Other Advisory URL: http://xforce.iss.net/xforce/alerts/id/180
CIAC Advisory: o-204

Tools & Filters

	14361 14440
Snort	15897 2656
	2133 2134
	nss

Credit

Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs
Mark Dowd - Avertavertlabs.com - McAfee Avert(tm) Labs

CVSSv2 Score

CVSSv2 Base Score = 7.5
Source: nvd.nist.gov | Generated: 2005-06-15 | Disagree?

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.