NSS Library Flaw Affects Specific Netscape and Sun Servers

"A vulnerability exists in the Netscape Network Security Services (NSS) library suite which may result in remote compromise of products making use of this library for Secure Sockets Layer (SSL) communication."

Thus begins the text of an advisory put out this week by the security firm Internet Security Systems (ISS).

Netscape Enterprise Server and SunONE/Java System Web Server are widely used commercial Web server platforms which make use of the NSS library, the ISS report notes, adding:

"There is a security flaw in the NSS library that can result in arbitrary code execution on vulnerable systems during SSLv2 connection negotiation."

If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code, which has the potential to result in complete compromise of the target server, and exposure of any information held therein. In addition, SSL is often used to secure sensitive or valuable communications, making this a high-value target for attackers.

For what ISS calls "manual protection," a vendor-supplied update for the NSS library is available for download from the Mozilla ftp site: ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM
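Because exposure depends on whether SSLv2 negotiation reaches the server, the following added example (not part of the ISS advisory or of NSS) classifies the first bytes a client sends on an SSL port, so captured traffic can be checked for SSLv2-framed hellos. The function names, labels and sample bytes are constructed for illustration, and the length-consistency check is general parsing hygiene; the advisory does not say where the overflow occurs.

```python
import struct

SSL2_CLIENT_HELLO = 1   # SSLv2 message type: CLIENT-HELLO
TLS_HANDSHAKE = 0x16    # SSLv3/TLS record content type: handshake


def classify_first_record(data: bytes) -> str:
    """Label the first bytes a client sent on an SSL port.

    Returns "tls", "sslv2", "sslv2-compat" (v2 framing offering SSLv3/TLS),
    "malformed-sslv2" or "unknown".
    """
    if len(data) >= 3 and data[0] == TLS_HANDSHAKE and data[1] == 3:
        return "tls"
    # SSLv2 two-byte record header: high bit set, then a 15-bit length.
    if len(data) < 2 or not data[0] & 0x80:
        return "unknown"
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    body = data[2:2 + rec_len]
    if len(body) < 9 or body[0] != SSL2_CLIENT_HELLO:
        return "unknown"
    version, cipher_len, sid_len, chal_len = struct.unpack(">HHHH", body[1:9])
    # Declared field lengths must add up to exactly the record length.
    consistent = (
        len(body) == rec_len
        and cipher_len > 0
        and cipher_len % 3 == 0          # SSLv2 cipher specs are 3 bytes each
        and 9 + cipher_len + sid_len + chal_len == rec_len
    )
    if not consistent:
        return "malformed-sslv2"
    if version == 0x0002:
        return "sslv2"
    if version >> 8 == 3:
        return "sslv2-compat"
    return "unknown"


def sample_v2_hello(version: int, declared_cipher_len: int = 6) -> bytes:
    """Constructed sample: two 3-byte cipher specs, no session id, 16-byte challenge."""
    ciphers = bytes.fromhex("0100800700c0")
    body = struct.pack(">BHHHH", SSL2_CLIENT_HELLO, version,
                       declared_cipher_len, 0, 16) + ciphers + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body


if __name__ == "__main__":
    for label, pkt in [("v2", sample_v2_hello(0x0002)),
                       ("v2-framed TLS 1.0", sample_v2_hello(0x0301)),
                       ("bad lengths", sample_v2_hello(0x0002, 600))]:
        print(label, "->", classify_first_record(pkt))
```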

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.
