J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: Mozilla Network Security Services Library Remote Heap Overflow Vulnerability

Severity: CRITICAL

Description:

Mozilla Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client/server applications.

NSS is prone to a remote heap-overflow vulnerability because it fails to perform sufficient boundary checks. Successful exploits may allow arbitrary code to run and may grant the attacker unauthorized access to a vulnerable computer.

This vulnerability presents itself when the SSLv2 protocol is enabled on a vulnerable server that employs the NSS library. Specifically, the buffer-overflow condition is triggered when a server processes the client 'hello' message, which is the initial record in an SSLv2 negotiation. The server fails to verify the length of the client 'hello' message, copying the user-supplied data into a finite buffer on the heap. This can allow an attacker to supply an excessive string value for the 'hello' message and cause the overflow condition in the server.

Given the nature of this vulnerability, the attacker may leverage the issue to corrupt values that are crucial to controlling program execution flow. Reportedly, this issue may be exploitable to execute arbitrary instructions in the context of the affected software. A successful attack may allow the attacker to gain superuser privileges on a vulnerable computer.

The NSS library is commonly used by Netscape Enterprise Server and Sun One/iPlanet servers. The SSLv2 protocol is not enabled by default on these servers. Other products may be affected as well.

Affected Products:

  • Galeon Galeon Browser 1.2.13
  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • Mozilla Browser 1.4.0
  • Mozilla Browser 1.4.0a
  • Mozilla Browser 1.4.0b
  • Mozilla Browser 1.4.1
  • Mozilla Browser 1.5.0
  • Mozilla Network Security Services (NSS) 3.2.0
  • Mozilla Network Security Services (NSS) 3.2.1
  • Mozilla Network Security Services (NSS) 3.3.0
  • Mozilla Network Security Services (NSS) 3.3.1
  • Mozilla Network Security Services (NSS) 3.3.2
  • Mozilla Network Security Services (NSS) 3.4.0
  • Mozilla Network Security Services (NSS) 3.4.1
  • Mozilla Network Security Services (NSS) 3.4.2
  • Mozilla Network Security Services (NSS) 3.5.0
  • Mozilla Network Security Services (NSS) 3.6.0
  • Mozilla Network Security Services (NSS) 3.6.1
  • Mozilla Network Security Services (NSS) 3.7.0
  • Mozilla Network Security Services (NSS) 3.7.1
  • Mozilla Network Security Services (NSS) 3.7.2
  • Mozilla Network Security Services (NSS) 3.7.3
  • Mozilla Network Security Services (NSS) 3.7.5
  • Mozilla Network Security Services (NSS) 3.7.7
  • Mozilla Network Security Services (NSS) 3.8.0
  • Mozilla Network Security Services (NSS) 3.9.0
  • Netscape Certificate Server 1.0.0P1
  • Netscape Certificate Server 4.2.0
  • Netscape Directory Server 1.3.0P5
  • Netscape Directory Server 3.1.0P1
  • Netscape Directory Server 3.12.0
  • Netscape Directory Server 4.1.0
  • Netscape Directory Server 4.11.0
  • Netscape Directory Server 4.12.0
  • Netscape Directory Server 4.13.0
  • Netscape Enterprise Server 2.0.0
  • Netscape Enterprise Server 2.0.0a
  • Netscape Enterprise Server 2.0.1C
  • Netscape Enterprise Server 3.0.0
  • Netscape Enterprise Server 3.0.0L
  • Netscape Enterprise Server 3.0.1
  • Netscape Enterprise Server 3.0.1B
  • Netscape Enterprise Server 3.1.0
  • Netscape Enterprise Server 3.2.0
  • Netscape Enterprise Server 3.3.0
  • Netscape Enterprise Server 3.4.0
  • Netscape Enterprise Server 3.5.0
  • Netscape Enterprise Server 3.51.0
  • Netscape Enterprise Server 3.6.0
  • Netscape Enterprise Server 3.6.0SP1
  • Netscape Enterprise Server 3.6.0SP2
  • Netscape Enterprise Server 3.6.0SP3
  • Netscape Enterprise Server 4.0.0
  • Netscape Enterprise Server 4.1.0SP3
  • Netscape Enterprise Server 4.1.0SP4
  • Netscape Enterprise Server 4.1.0SP5
  • Netscape Enterprise Server 4.1.0SP6
  • Netscape Enterprise Server 4.1.0SP7
  • Netscape Enterprise Server 4.1.0SP8
  • Netscape Enterprise Server for NetWare 4/5 3.0.7a
  • Netscape Enterprise Server for NetWare 4/5 4.1.1
  • Netscape Enterprise Server for NetWare 4/5 5.0.0
  • Netscape Enterprise Server for Solaris 3.5.0
  • Netscape Enterprise Server for Solaris 3.6.0
  • Netscape Personalization Engine
  • Sun Java Enterprise System 2003Q4
  • Sun Java Enterprise System 2004Q2
  • Sun Java System Application Server 7.0.0 Enterprise Edition
  • Sun Java System Application Server 7.0.0 Platform Edition
  • Sun Java System Application Server 7.0.0 Standard Edition
  • Sun Java System Application Server 7.0.0 UR4
  • Sun Java System Application Server 7.1.0
  • Sun ONE Application Server 6.0.0
  • Sun ONE Application Server 6.0.0 SP1
  • Sun ONE Application Server 6.0.0 SP2
  • Sun ONE Application Server 6.0.0 SP3
  • Sun ONE Application Server 6.0.0 SP4
  • Sun ONE Application Server 6.5.0
  • Sun ONE Application Server 6.5.0 MU1
  • Sun ONE Application Server 6.5.0 MU2
  • Sun ONE Application Server 6.5.0 MU3
  • Sun ONE Application Server 6.5.0 SP1
  • Sun ONE Application Server 6.5.0 SP1 MU1
  • Sun ONE Application Server 6.5.0 SP1 MU2
  • Sun ONE Application Server 7.0.0 Platform Edition
  • Sun ONE Application Server 7.0.0 Standard Edition
  • Sun ONE Application Server 7.0.0UR1 Platform Edition
  • Sun ONE Application Server 7.0.0UR1 Standard Edition
  • Sun ONE Application Server 7.0.0UR2 Platform Edition
  • Sun ONE Application Server 7.0.0UR2 Standard Edition
  • Sun ONE Application Server 7.0.0UR2 Upgrade Platform
  • Sun ONE Application Server 7.0.0UR2 Upgrade Standard
  • Sun ONE Certificate Server 4.1.0
  • Sun ONE Directory Server 4.16.0
  • Sun ONE Directory Server 4.16.0 SP1
  • Sun ONE Directory Server 5.0.0
  • Sun ONE Directory Server 5.0.0 SP1
  • Sun ONE Directory Server 5.0.0 SP2
  • Sun ONE Directory Server 5.1.0
  • Sun ONE Directory Server 5.1.0 SP1
  • Sun ONE Directory Server 5.1.0 SP2
  • Sun ONE Directory Server 5.1.0 SP3
  • Sun ONE Directory Server 5.1.0 SP3 x86
  • Sun ONE Directory Server 5.1.0 x86
  • Sun ONE Directory Server 5.2.0
  • Sun ONE Web Server 4.1.0
  • Sun ONE Web Server 4.1.0SP1
  • Sun ONE Web Server 4.1.0SP10
  • Sun ONE Web Server 4.1.0SP11
  • Sun ONE Web Server 4.1.0SP12
  • Sun ONE Web Server 4.1.0SP13
  • Sun ONE Web Server 4.1.0SP14
  • Sun ONE Web Server 4.1.0SP2
  • Sun ONE Web Server 4.1.0SP3
  • Sun ONE Web Server 4.1.0SP4
  • Sun ONE Web Server 4.1.0SP5
  • Sun ONE Web Server 4.1.0SP5
  • Sun ONE Web Server 4.1.0SP6
  • Sun ONE Web Server 4.1.0SP7
  • Sun ONE Web Server 4.1.0SP8
  • Sun ONE Web Server 4.1.0SP9
  • Sun ONE Web Server 6.0.0
  • Sun ONE Web Server 6.0.0 SP1
  • Sun ONE Web Server 6.0.0 SP2
  • Sun ONE Web Server 6.0.0 SP3
  • Sun ONE Web Server 6.0.0 SP4
  • Sun ONE Web Server 6.0.0 SP5
  • Sun ONE Web Server 6.0.0 SP6
  • Sun ONE Web Server 6.0.0 SP7
  • Sun ONE Web Server 6.0.0 SP8
  • Sun ONE Web Server 6.1.0
  • Sun ONE Web Server 6.1.0 SP1
  • Sun ONE Web Server 6.1.0 SP2
  • Sun Solaris 8
  • Sun Solaris 8_x86
  • Sun Solaris 9
  • Sun Solaris 9_x86

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.