Vulnerability Bulletins |
Compromiso remoto en las librerías de Netscape Network Security Services (NSS) |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Obtener acceso |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
Property | Value |
Affected manufacturer | Networking |
Affected software |
Netscape - Enterprise Server (NES) Netscape - Personalization Engine (NPE) Netscape - Directory Server (NDS) Netscape - Certificate Management Server (CMS) Sun ONE/iPlanet Web Server <= 6.0 Service Pack 8 Sun ONE/iPlanet Web Server <= 6.1 Service Pack 2 Sun Java System Application Server <= 7.0 UR4 Sun Java System Application Server <= 7.1 Sun Java Enterprise System 2003Q4 & 2004Q2 Sun Java Enterprise System 2003Q4 & 2004Q2 |
Description |
|
Se ha detectado una vulnerabilidad en la librería de Netscape Network Security Services (NSS) lo cual puede causar un compromiso remoto de los productos que utilicen dicha librería en las comunicaciones SSL. Es posible ejecutar código en los sistemas afectados durante la negociación en una conexión SSLv2. |
|
Solution |
|
Actualización de sotware Librería de Netscape Todas las plataformas ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/ Sun Sun Java Enterprise System 2003Q4 & 2004Q2 Solaris 8 SPARC http://sunsolve.sun.com/search/document.do?assetkey=1-21-114045-12-1 Solaris 9 SPARC http://sunsolve.sun.com/search/document.do?assetkey=1-21-114049-12-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-115926-10-1 Solaris 8 x86 http://sunsolve.sun.com/search/document.do?assetkey=1-21-114050-12-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-115927-10-1 Sun Java System Web Server 6.1 Sun Java System Web Server 6.1 SP 3 http://wwws.sun.com/software/download/products/415a094d.html Sun Java System Application Server Platform Edition 7 Sun Java System Application Server Platform Edition 7 Update 5 http://wwws.sun.com/software/download/products/4151fe59.html Sun Java System Application Server 7 Standard Edition Sun Java System Application Server 7 Standard Edition Update 5 http://wwws.sun.com/software/download/products/414b472d.html Sun Java System Application Server 7 2004Q2 Sun Java System Application Server 7 2004Q2 Update 1 http://wwws.sun.com/software/download/products/4154c5a5.html Sun Java System Web Server 6.0 Sun Java System Web Server 6.0 SP 9 http://wwws.sun.com/software/download/products/419a6e11.html |
|
Standar resources |
|
Property | Value |
CVE | |
BID | |
Other resources |
|
X-Force Advisory: Netscape NSS Library Remote Compromise http://xforce/iss.net/alerts/id/180 Sun(sm) Alert Notification 57632 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57632-1 Sun(sm) Alert Notification 57643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1 |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2004-08-25 |
1.1 | Aviso emitido por Sun (57632) | 2004-09-02 |
1.2 | Aviso emitido por Sun (57643) | 2004-09-17 |
1.3 | Aviso actualizado por Sun (57632) | 2004-10-26 |
1.4 | Nuevos parches emitidos por Sun (57632) | 2004-12-07 |