Sun and Netscape NSS Library SSL Buffer Overflow 1.1
 
Plugin ID: 322
Plugin name: Sun and Netscape NSS Library SSL Buffer Overflow
Plugin filename: Sun and Netscape NSS Library SSL Buffer Overflow.plugin
Plugin filesize: 3454 bytes
Plugin family: Misc
Plugin created name: David Nester
Plugin created email: david at icrew dot org
Plugin created web: http://www.icrew.org
Plugin created company: iCrew Security
Plugin created date: 2004/12/03
Plugin updated name: David Nester
Plugin updated email: david at icrew dot org
Plugin updated web: http://www.icrew.org/
Plugin updated company: iCrew Security
Plugin updated date: 2004/12/05
Plugin version: 1.1
Plugin protocol: tcp
Plugin port: 443
Plugin procedure detection: open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *iplanet* OR HTTP/#.# ### *sun* OR HTTP/#.# ### *netscape*
Plugin detection accuracy: 80
Plugin comment: This plugin was written with the ATK Attack Editor.
Bug published name: Sun Microsystems
Bug published email: info at sun dot com
Bug published web: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security
Bug published date: 2004/09/16
Bug produced name: Sun and Netscape NSS Library
Bug produced email: info at sun dot com
Bug produced web: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security
Bug not affected: Other versions or solutions
Bug vulnerability class: Buffer Overflow
Bug description: A buffer overflow vulnerability in the Netscape NSS library, used by Netscape and Sun ONE Web servers to process Secure Sockets Layer requests, facilitates remote code execution. Code within the library fails to perform adequate bounds checking when processing SSLv2 requests, specifically on a user-supplied record field within SSLv2 client hello messages sent during the creation of connections between a server and client. Data outside of the allocated buffer is placed in heap memory, and executed with the privileges of the Web server daemon.
Bug solution: The NSS Library is open-source, and an updated version is available via FTP from the Mozilla Organization. Sun has released Sun Alert ID 57643 with information on how to obtain updates for Java Enterprise System: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security
Bug fixing time: Approx. 1 hour
Bug exploit availability: No
Bug remote: Yes
Bug local: No
Bug severity: High
Bug popularity: 6
Bug simplicity: 1
Bug impact: 9
Bug risk: 8
Source Literature: Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.