Vuln in Iplanet / Netscape web server ?

From: Laurence Moughan (Laurence.Moughan@aerlingus.com)
Date: Wed Mar 14 2007 - 04:21:12 EST


Hi All,

My Snort IDS is reporting an attempt using the vuln below. The last update I can
find re this is back in 2004; does anyone know if this is still an issue in
6.1 of Netscape/iPlanet?

Thanks
Laurence

1:2657

Message: WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt

Summary: This event is generated when an attempt is made to exploit a
vulnerability associated with Netscape Network Security Services (NSS)
message parsing.

Impact: A successful attack can cause a heap overflow and the subsequent
execution of arbitrary code on a vulnerable server.

Detailed Information: A vulnerability exists in the way NSS parses a client
connect SSLv2 message that can cause a heap overflow and the subsequent
execution of arbitrary code on a vulnerable server. This can occur when an
overly long challenge length and accompanying data are supplied in a Client
Hello message.

Affected Systems:
  Netscape Enterprise Webserver all versions
  Netscape Personalization Engine all versions
  Netscape Directory Server all versions
  Netscape Certificate Management Server all versions
  Sun One/iPlanet all versions

Attack Scenarios: An attacker can send a Client Hello message with an overly
long challenge length and data, causing a heap overflow on a vulnerable server.

Ease of Attack: Difficult.

False Positives: None known.
If you think this rule has false positives, please help fill it out.

False Negatives: None known.
If you think this rule has false negatives, please help fill it out.

Corrective Action: Upgrade to the latest non-affected version of the software.

Contributors:
  Sourcefire Vulnerability Research Team
  Judy Novak <judy.novak@sourcefire.com>
  Brian Caswell <bmc@sourcefire.com>

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
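
The length check that the rule description above implies, written out as an added example; it is not part of the original post and is not the Snort rule's or NSS's own code. It assumes the record layout and the 16 to 32 byte CHALLENGE-LENGTH bound from the SSLv2 draft specification; the function names and sample records are constructed for illustration.

```python
import struct

CLIENT_HELLO = 1
CHAL_MIN, CHAL_MAX = 16, 32  # CHALLENGE-LENGTH bounds in the SSLv2 draft spec

def check_client_hello(data: bytes) -> str:
    """Classify the first record of a TCP stream (defensive length validation)."""
    if len(data) < 3:
        return "not_sslv2"
    if data[0] & 0x80:   # 2-byte header: 15-bit length, no padding
        hdr, rec_len, pad = 2, ((data[0] & 0x7F) << 8) | data[1], 0
    else:                # 3-byte header: 14-bit length plus a padding-length byte
        hdr, rec_len, pad = 3, ((data[0] & 0x3F) << 8) | data[1], data[2]
    body = data[hdr:]
    if len(body) < 9 or body[0] != CLIENT_HELLO:
        return "not_sslv2"
    version, cipher_len, sid_len, chal_len = struct.unpack(">HHHH", body[1:9])
    if version != 0x0002 and version >> 8 != 3:
        return "not_sslv2"
    # Check the challenge bound before anything is copied into a fixed buffer.
    if not CHAL_MIN <= chal_len <= CHAL_MAX:
        return "challenge_length_out_of_range"
    if cipher_len == 0 or cipher_len % 3 or sid_len not in (0, 16):
        return "malformed"
    if 9 + cipher_len + sid_len + chal_len + pad != rec_len:
        return "malformed"   # declared field lengths disagree with the record length
    return "ok"

def build_hello(challenge: bytes, padded: bool = False) -> bytes:
    """Constructed sample record for exercising the checker (not captured traffic)."""
    ciphers = bytes.fromhex("010080")            # one 3-byte SSLv2 cipher spec
    body = struct.pack(">BHHHH", CLIENT_HELLO, 2, len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    if padded:
        return struct.pack(">HB", len(body) & 0x3FFF, 0) + body
    return struct.pack(">H", 0x8000 | len(body)) + body

if __name__ == "__main__":
    for name, rec in [("16-byte challenge", build_hello(b"\x00" * 16)),
                      ("64-byte challenge, padded header", build_hello(b"\x00" * 64, True))]:
        print(name, "->", check_client_hello(rec))
```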



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:41:45 EDT