Is it just me, or does the lack of real information in this advisory and the apparent disconnect between the description of the vulnerability and the patch annoy anyone else? Is there someone who can give details on what this attack is?

It sounds, from the fix, like it is the SSL handshake bug that was already mentioned on the list on July 6, 1999. However, the description in the advisory makes one wonder if it isn't something else since they say it is an _HTTP_ GET overflow and don't mention anything about it affecting SSL handshaking or only affecting SSL-enabled servers. Additionally, the SSL handshake bug affects 3.5.1 as well as 3.6sp2 (see http://help.netscape.com/business/filelib.html) so if this advisory is really about the SSL bug, it is in error by only mentioning 3.6sp2.

I have the flex check for ISS Internet Scanner, so I can perhaps investigate what it is up to in order to provide more information. I've used the flex check to scan some non-SSL 3.6sp2 servers and it didn't alarm so maybe it is an SSL prob.

In the meantime: Hey ISS and Netscape: release some details! Release an updated, correct advisory, at least.

-Jason
AT&T Wireless Services IT Security
UNIX Security Operations Specialist