SSLV2 Client Hello Overflow

sslv2-client-hello-overflow (16314) The risk level is classified as HighHigh Risk

Description:

The SSL (Secure Sockets Layer) protocol is vulnerable to a buffer overflow. If a Web server has SSLv2 enabled, an attacker can supply a malformed SSLv2 Client Hello Message packet to overflow a buffer and cause the service or crash or execute arbitrary code on the system with privileges of the Web server.


Consequences:

Gain Access

Remedy:

For manual protection, a vendor-supplied update for the NSS library is available for download from the Mozilla FTP site. See References.

For Sun Java Enterprise System:
Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57643 for more information. See References.

SPARC Platform
Sun Java Enterprise System 2003Q4 and 2004Q2 for Solaris 8: 114045-12 or later and 115924-09 or later
Sun Java Enterprise System 2003Q4 and 2004Q2 for Solaris 9: 114049-12 or later and 115926-10 or later

x86 Platform
Sun Java Enterprise System 2003Q4 and 2004Q2 for Solaris 9: 114050-12 or later and 115927-10 or later

For Sun Java Web Server and Application Server:
Upgrade to the latest version, as listed below. Refer to Sun Alert ID: 57632 for more information. See References.

Sun Java System Web Server 6.0: SP9 or later
Sun Java System Web Server 6.1: SP3 or later
Sun Java System Application Server 7: 2004Q2 Update 1 or later
Sun Java System Application Server 7: Update 5 or later

As a workaround, mitigate risk associated with this vulnerability by disabling SSLv2 and all associated SSLv2 ciphers.

References:

  • CIAC Information Bulletin 0-204: Netscape NSS Library Suite Remote Buffer Overflow.
  • Internet Security Systems Protection Advisory: Netscape NSS Library Remote Compromise.
  • Mozilla FTP site: ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM.
  • Sun Alert ID: 57632: Netscape NSS Library Vulnerability Affects Sun Java System Web Server and Sun Java System Application Server.
  • Sun Alert ID: 57643: Netscape NSS Library Vulnerability Affects Sun Java Enterprise System.
  • BID-11015: Mozilla Network Security Services Library Remote Heap Overflow Vulnerability
  • CVE-2004-0826: Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Platforms Affected:

  • HP HP-UX B.11.00
  • HP HP-UX B.11.11
  • HP HP-UX B.11.23
  • Netscape Certificate Management System
  • Netscape Directory Server
  • Netscape Enterprise Server
  • Netscape Personalization Engine
  • Netscape Security Services
  • Sun iPlanet Web Server
  • Sun Java Enterprise System 2003Q4
  • Sun Java Enterprise System 2004Q2
  • Sun Java System Application Server 7.0 UR4
  • Sun Java System Application Server 7.1
  • Sun ONE Web Server 4.1 SP2
  • Sun ONE Web Server 4.1 SP14
  • Sun ONE Web Server 4.1 SP13
  • Sun ONE Web Server 4.1 SP12
  • Sun ONE Web Server 4.1 SP11
  • Sun ONE Web Server 4.1 SP10
  • Sun ONE Web Server 4.1 SP1
  • Sun ONE Web Server 4.1 SP3
  • Sun ONE Web Server 4.1
  • Sun ONE Web Server 4.1 SP9
  • Sun ONE Web Server 4.1 SP8
  • Sun ONE Web Server 4.1 SP7
  • Sun ONE Web Server 4.1 SP6
  • Sun ONE Web Server 4.1 SP5
  • Sun ONE Web Server 4.1 SP4
  • Sun ONE Web Server 6.0 SP2
  • Sun ONE Web Server 6.0 SP1
  • Sun ONE Web Server 6.0 SP6
  • Sun ONE Web Server 6.0 SP4
  • Sun ONE Web Server 6.0 SP7
  • Sun ONE Web Server 6.0 SP8
  • Sun ONE Web Server 6.0
  • Sun ONE Web Server 6.0 SP3
  • Sun ONE Web Server 6.0 SP5
  • Sun ONE Web Server 6.1
  • Sun ONE Web Server 6.1 SP2
  • Sun ONE Web Server 6.1 SP1
  • Sun Solaris 8
  • Sun Solaris 9

Reported:

Jun 03, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page