NSS Library Flaw Affects Specific Netscape and Sun Servers

"A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products making use of this library for Secure Sockets Layer (SSL) communication."

Thus begins the text of an advisory put out this week by the security firm Internet Security Systems (ISS).

Netscape Enterprise Server and SunONE/Java System Web Server are widely used commercial Web server platforms which make use of the NSS library, the ISS report notes, adding:

"There is a security flaw in the NSS library that can result in arbitrary code execution on vulnerable systems during SSLv2 connection negotiation."

If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code, which has the potential to result in complete compromise of the target server, and exposure of any information held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers.

For what ISS calls "manual protection," a vendor-supplied update for the NSS library is available for download from the Mozilla ftp site: ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM
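
As an added example (not taken from the ISS advisory or from the NSS code), the sketch below classifies the first bytes a client sends to an SSL port, so an operator can tell from captured traffic whether SSLv2 negotiation, the phase the advisory names, is reaching a server. The record layouts are the standard SSLv2 and SSLv3/TLS ones; the function names, sample bytes and addresses are constructed for illustration.

```python
import struct
from collections import Counter

def classify_hello(data: bytes) -> str:
    """Classify the first bytes a client sends on an SSL/TLS port."""
    if len(data) < 5:
        return "truncated"
    # SSLv3/TLS record layer: content type 0x16 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        return "ssl3-or-tls"
    # SSLv2 two-byte record header: high bit set, low 15 bits = record length,
    # followed by message type 1 (CLIENT-HELLO) and a two-byte version.
    # (The three-byte padded header form is not handled here.)
    if data[0] & 0x80 and data[2] == 0x01:
        length = struct.unpack(">H", data[:2])[0] & 0x7FFF
        if length < 9:  # type + version + three 2-byte length fields
            return "malformed"
        if data[3:5] == b"\x00\x02":
            return "sslv2"               # client speaks SSLv2 only
        if data[3] == 0x03:
            return "sslv2-compat-hello"  # v2-format hello offering SSLv3/TLS
    return "unknown"

# Constructed samples: (client address, first bytes seen on the SSL port).
SAMPLES = [
    ("192.0.2.10", bytes.fromhex("802e0100020015000000100700c0")),  # SSLv2
    ("192.0.2.11", bytes.fromhex("804c010301003300000010000039")),  # v2-compat
    ("192.0.2.12", bytes.fromhex("16030100c8010000c40303")),        # TLS record
    ("192.0.2.13", b"GET / HTTP/1.1"),                              # not SSL
    ("192.0.2.10", bytes.fromhex("802e0100020015000000100700c0")),  # SSLv2 again
]

def sslv2_clients(samples):
    """Count pure SSLv2 CLIENT-HELLO messages per client address."""
    return Counter(ip for ip, data in samples
                   if classify_hello(data) == "sslv2")

if __name__ == "__main__":
    for ip, data in SAMPLES:
        print(ip, classify_hello(data))
    print(dict(sslv2_clients(SAMPLES)))
```
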

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals, and summarizes it for easy assimilation by busy IT managers and staff.
