Vulnerability Bulletins

int(983)

Vulnerability Bulletins

Compromiso remoto en las librerías de Netscape Network Security Services (NSS)
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Obtener acceso
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	Networking
Affected software	Netscape - Enterprise Server (NES) Netscape - Personalization Engine (NPE) Netscape - Directory Server (NDS) Netscape - Certificate Management Server (CMS) Sun ONE/iPlanet Web Server <= 6.0 Service Pack 8 Sun ONE/iPlanet Web Server <= 6.1 Service Pack 2 Sun Java System Application Server <= 7.0 UR4 Sun Java System Application Server <= 7.1 Sun Java Enterprise System 2003Q4 & 2004Q2 Sun Java Enterprise System 2003Q4 & 2004Q2
Description
Se ha detectado una vulnerabilidad en la librería de Netscape Network Security Services (NSS) lo cual puede causar un compromiso remoto de los productos que utilicen dicha librería en las comunicaciones SSL. Es posible ejecutar código en los sistemas afectados durante la negociación en una conexión SSLv2.
Solution
Actualización de sotware Librería de Netscape Todas las plataformas ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM/ Sun Sun Java Enterprise System 2003Q4 & 2004Q2 Solaris 8 SPARC http://sunsolve.sun.com/search/document.do?assetkey=1-21-114045-12-1 Solaris 9 SPARC http://sunsolve.sun.com/search/document.do?assetkey=1-21-114049-12-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-115926-10-1 Solaris 8 x86 http://sunsolve.sun.com/search/document.do?assetkey=1-21-114050-12-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-115927-10-1 Sun Java System Web Server 6.1 Sun Java System Web Server 6.1 SP 3 http://wwws.sun.com/software/download/products/415a094d.html Sun Java System Application Server Platform Edition 7 Sun Java System Application Server Platform Edition 7 Update 5 http://wwws.sun.com/software/download/products/4151fe59.html Sun Java System Application Server 7 Standard Edition Sun Java System Application Server 7 Standard Edition Update 5 http://wwws.sun.com/software/download/products/414b472d.html Sun Java System Application Server 7 2004Q2 Sun Java System Application Server 7 2004Q2 Update 1 http://wwws.sun.com/software/download/products/4154c5a5.html Sun Java System Web Server 6.0 Sun Java System Web Server 6.0 SP 9 http://wwws.sun.com/software/download/products/419a6e11.html
Standar resources
Property	Value
CVE
BID
Other resources
X-Force Advisory: Netscape NSS Library Remote Compromise http://xforce/iss.net/alerts/id/180 Sun(sm) Alert Notification 57632 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57632-1 Sun(sm) Alert Notification 57643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57643-1

Version history
Version	Comments	Date
1.0	Aviso emitido	2004-08-25
1.1	Aviso emitido por Sun (57632)	2004-09-02
1.2	Aviso emitido por Sun (57643)	2004-09-17
1.3	Aviso actualizado por Sun (57632)	2004-10-26
1.4	Nuevos parches emitidos por Sun (57632)	2004-12-07

Vulnerability Bulletins

Compromiso remoto en las librerías de Netscape Network Security Services (NSS)

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history