-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Protection Brief August 23, 2004 Protection for Netscape NSS Library Remote Compromise Summary: A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products making use of this library for Secure Sockets Layer (SSL) communication. Netscape Enterprise Server and Sun One are widely used commercial web server platforms which make use of the NSS library. There is a security flaw in the NSS library that can result in arbitrary code execution on vulnerable systems during SSLv2 connection negotiation. Business Impact: If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code. This has the potential to result in complete compromise of the target server, and exposure of any information held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers. ISS Protection Strategy: ISS has provided preemptive protection for these vulnerabilities. We recommend that all customers apply applicable ISS product updates. These updates are now available from the ISS Download Center at: http://www.iss.net/download. For the complete X-Force Protection Advisory, please visit: http://xforce/iss.net/alerts/id/180 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQSo6WzRfJiV99eG9AQFpHAQAvbla7GbbpxWGyFewU/arRMh0ifwWnrdq RtUeKW40hCeyiyG9Nwky1zdP+FoCn68wl15NnLrP5Efff7P9D6/sJcJu7BBW9GD4 6t9PCMwTFZwPRlS5IBbw9RtpfN1Rnk34zUpQTUYU4ZAfMo8SMTilXeIN/1MMqEqw fvCLiupn5c8= =mF29 -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
