This security advisory from Sun (released yesterday) is rated highly critical.

From Sun:

Security vulnerabilities in the Network Security Services (NSS) implementation of SSL2 may affect both SSL clients (such as browsers) and SSL servers which make use of this library. As a result, the client or server may exit unexpectedly, which is a type of Denial of Service (DoS). For servers running on Microsoft Windows, they may present a remote code execution vulnerability. These vulnerabilities are in NSS’s implementation of SSL2, not in the SSL2 protocol itself.

Note: NSS is a set of libraries that implement SSL2, SSL 3.0 and TLS (SSL 3.1). NSS is widely used. It is used in the Mozilla family of browsers offered by Sun to Solaris users. It is also used in the “Java Enterprise Server” (JES) family of server products, including Web server, Directory Server, Messaging Server, Application Server, Portal Server, and others. It is used for the built-in LDAPS client in Solaris 9 and 10 which may be used as part of the Solaris login program.This issue is also described in the following documents:

Article Link

[tags]Sun, Solaris, Network Security Services, SSL Security[/tags]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.