Plugin ID | 322 |
Plugin name | Sun and Netscape NSS Library SSL Buffer Overflow |
Plugin filename | Sun and Netscape NSS Library SSL Buffer Overflow.plugin |
Plugin filesize | 3454 bytes |
Plugin family | Misc |
Plugin created name | David Nester |
Plugin created email | david at icrew dot org |
Plugin created web | http://www.icrew.org |
Plugin created company | iCrew Security |
Plugin created date | 2004/12/03 |
Plugin updated name | David Nester |
Plugin updated email | david at icrew dot org |
Plugin updated web | http://www.icrew.org/ |
Plugin updated company | iCrew Security |
Plugin updated date | 2004/12/05 |
Plugin version | 1.1 |
Plugin protocol | tcp |
Plugin port | 443 |
Plugin procedure detection | open|send HEAD / HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *iplanet* OR HTTP/#.# ### *sun* OR HTTP/#.# ### *netscape* |
Plugin detection accuracy | 80 |
Plugin comment | This plugin was written with the ATK Attack Editor. |
Bug published name | Sun Microsystems |
Bug published email | info at sun dot com |
Bug published web | http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security |
Bug published date | 2004/09/16 |
Bug produced name | Sun and Netscape NSS Library |
Bug produced email | info at sun dot com |
Bug produced web | http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security |
Bug not affected | Other versions or solutions |
Bug vulnerability class | Buffer Overflow |
Bug description | A buffer overflow vulnerability in the Netscape NSS library, used by Netscape and Sun ONE Web servers to process Secure Sockets Layer requests, facilitates remote code execution. Code within the library fails to perform adequate bounds checking when processing SSLv2 requests, specifically on a user-supplied record field within SSLv2 client hello messages sent during the creation of connections between a server and client. Data outside of the allocated buffer is placed in heap memory, and executed with the privileges of the Web server daemon. |
Bug solution | The NSS Library is open-source, and an updated version is available via FTP from the Mozilla Organization. Sun has released Sun Alert ID 57643 with information on how to obtain updates for Java Enterprise System: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security |
Bug fixing time | Approx. 1 hour |
Bug exploit availability | No |
Bug remote | Yes |
Bug local | No |
Bug severity | High |
Bug popularity | 6 |
Bug simplicity | 1 |
Bug impact | 9 |
Bug risk | 8 |
Source Literature | Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X |
Source Misc. | http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1&searchclause=security |