NSS Library SSLv2 Challenge Overflow
|
|
Article ID: 14361
Last updated: 27 Jan, 2009
|
|
|
|
Views: 393
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
NSS Library SSLv2 Challenge Overflow |
|
| This script is Copyright (C) 2004 Digital Defense |
|
|
| Family | Gain a shell remotely |
| Plugin ID | 14361 |
| Bugtraq ID | 11015
|
| CVE ID | CVE-2004-0826
|
|
| Description: |
The remote host seems to be using the Mozilla Network Security Services (NSS)
Library, a set of libraries designed to support the developement of
security-enabled client/server application.
There seems to be a flaw in the remote version of this library, in the SSLv2
handling code, which may allow an attacker to cause a heap overflow and
therefore execute arbitrary commands on the remote host. To exploit this
flaw, an attacker would need to send a malformed SSLv2 hello message
to the remote service.
Solution : Upgrade the remote service to use NSS 3.9.2 or newer.
Risk factor : High |
|
