NSS Library Flaw Affects Specific Netscape and Sun Servers

"A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products making use of this library for Secure Sockets Layer (SSL) communication."

Thus begins the text of an advisory put out this week by the security firm Internet Security Systems (ISS).

Netscape Enterprise Server and SunONE/Java System Web Server are widely used commercial Web server platforms that make use of the NSS library, the ISS report notes, adding:

"There is a security flaw in the NSS library that can result in arbitrary code execution on vulnerable systems during SSLv2 connection negotiation."

If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code, which has the potential to result in complete compromise of the target server, and exposure of any information held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers.

For what ISS calls "manual protection," a vendor-supplied update for the NSS library is available for download from the Mozilla ftp site: ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM
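Because the flaw is reachable only when SSLv2 is enabled, an administrator can check whether a server still negotiates SSLv2. The Python sketch below is an added example, not code from ISS, Netscape, Sun or Mozilla: it sends one well-formed SSLv2 CLIENT-HELLO and classifies the reply. The message layout follows the SSL 2.0 specification rather than this article, and the function names and result labels are assumptions made for illustration.

```python
import os
import socket
import struct
import sys

# Cipher kinds (3 bytes each) as defined in the SSL 2.0 specification.
CIPHER_KINDS = [
    b"\x01\x00\x80",  # SSL_CK_RC4_128_WITH_MD5
    b"\x03\x00\x80",  # SSL_CK_RC2_128_CBC_WITH_MD5
    b"\x07\x00\xc0",  # SSL_CK_DES_192_EDE3_CBC_WITH_MD5
]

def build_client_hello(challenge: bytes) -> bytes:
    """Well-formed SSLv2 CLIENT-HELLO: type 1, version 0x0002, no session id."""
    if not 16 <= len(challenge) <= 32:
        raise ValueError("SSLv2 challenge must be 16 to 32 bytes")
    specs = b"".join(CIPHER_KINDS)
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    # Two-byte record header: high bit set, low 15 bits carry the length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after the CLIENT-HELLO."""
    if len(data) < 3 or not data[0] & 0x80:
        return "no-sslv2"        # nothing, a TLS alert, or some other protocol
    if data[2] == 4 and data[5:7] == b"\x00\x02":
        return "sslv2-enabled"   # SERVER-HELLO carrying version 0x0002
    if data[2] == 0:
        return "sslv2-error"     # SSLv2 ERROR message: server parsed SSLv2
    return "no-sslv2"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send one CLIENT-HELLO and classify the reply (hypothetical helper)."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello(os.urandom(16)))
            while len(buf) < 7:
                chunk = s.recv(7 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError:
        pass                     # refused, reset or timed out: classify what arrived
    return classify_reply(buf)

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A result of "sslv2-enabled" means the server completed the first step of SSLv2 negotiation, so SSLv2 should be disabled or the NSS update applied; it does not by itself show which NSS version is installed.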

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seem likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.
