Note: This is an archival copy of Security Sun Alert 200266 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000208.1. |
Category Security Release Phase Resolved 5069683 Date of Resolved Release 16-SEP-2004 A buffer overflow vulnerability exists in the Netscape Network Security Services (NSS) ... 1. Impact A buffer overflow vulnerability exists in the Netscape Network Security Services (NSS) library suite that is a security component used by most of the Sun Java Enterprise System (JES) components such as Web Server, App Server and Portal Server. This vulnerability may allow a remote unprivileged user to execute arbitrary code on vulnerable systems during SSLv2 connection negotiation. This issue is described in the Internet Security Systems Advisory at http://xforce.iss.net/xforce/alerts/id/180. Additional information about JES 2004Q2 can be found at http://wwws.sun.com/software/javaenterprisesystem/. Additional information about NSS can be found at http://www.mozilla.org/projects/security/pki/nss/. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform
x86 Platform
Note: Sun Java Enterprise System was not available for Solaris 8 on the x86 Platform for 2003Q4 and 2004Q2 releases. To determine the current library version, the following command can be used: # /usr/bin/pkgparam SUNWtls SUNW_PRODVERS 3.3. The major JES components that utilize NSS are:
3. Symptoms There are no visible symptoms that would indicate the described issue has been exploited. 4. Workaround There is no workaround. Please see the "Resolution" section below. 5. Resolution This issue is addressed in the following releases: SPARC Platform
x86 Platform
Notes:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Product Sun Java Enterprise System 2003Q4 References114045-12115924-09 114049-12 115926-10 114050-12 115927-10 Attachments This solution has no attachment |
|