[prev in list] [next in list] [prev in thread] [next in thread]
List: nfr-users
Subject: [nfr-users] RAPID RESPONSE: Update for Netscape NSS overflow (Version 7)
From: Matt Bing <mbing () nfr ! net>
Date: 2004-08-23 23:57:38
Message-ID: 20040823235738.GE408 () mothra ! bing ! nfr ! net
[Download RAW message or body]
SSL Update Version 7
The NFR RRT has updated the SSL package to handle a buffer overflow in
Netscape's NSS library.
WHY THIS IS IMPORTANT
This indicates an attempt to exploit a buffer overflow in Netscape
NSS.
TECHNICAL INFORMATION
Netscape's implementation of SSL, NSS, does no boundary checking when
copying the SSLv2 challenge with an arbitrary length. This results in
a heap overflow that can lead to execution of arbitrary code.
With a ClientHello message, the SSL specification indicates a maximum
of 32 bytes for the client challenge, specified by a 2-byte length
field. This backend will alert on any challenge length greater than 32
bytes.
FALSE POSITIVES
None known
REFERENCES
* SSL 2.0 Protocol Specification
http://wp.netscape.com/eng/security/SSL_2.html
--
Matt Bing
NFR Security
Rapid Response Team
_______________________________________________
nfr-users mailing list
nfr-users@nfr.com
http://list.nfr.com/mailman/listinfo/nfr-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic