Description
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
Product(s):
- Mozilla Network Security Services 3.2.1
- Mozilla Network Security Services 3.2
- Mozilla Network Security Services 3.3.1
- Mozilla Network Security Services 3.3.2
- Mozilla Network Security Services 3.3
- Mozilla Network Security Services 3.4.1
- Mozilla Network Security Services 3.4.2
- Mozilla Network Security Services 3.4
- Mozilla Network Security Services 3.5
- Mozilla Network Security Services 3.6.1
- Mozilla Network Security Services 3.6
- Mozilla Network Security Services 3.7.1
- Mozilla Network Security Services 3.7.2
- Mozilla Network Security Services 3.7.3
- Mozilla Network Security Services 3.7.5
- Mozilla Network Security Services 3.7.7
- Mozilla Network Security Services 3.7
- Mozilla Network Security Services 3.8
- Mozilla Network Security Services 3.9
- Netscape Certificate Server 1.0 Patch 1
- Netscape Certificate Server 4.2
- Netscape Directory Server 1.3 Patch 5
- Netscape Directory Server 3.12
- Netscape Directory Server 3.1 Patch 1
- Netscape Directory Server 4.11
- Netscape Directory Server 4.13
- Netscape Directory Server 4.1
- Netscape Enterprise Server 2.0.1c
- Netscape Enterprise Server 2.0
- Netscape Enterprise Server 2.0a
- Netscape Enterprise Server 3.0.1
- Netscape Enterprise Server 3.0.1b
- Netscape Enterprise Server 3.0.7a for Netware
- Netscape Enterprise Server 3.0
- Netscape Enterprise Server 3.0l
- Netscape Enterprise Server 3.1
- Netscape Enterprise Server 3.2
- Netscape Enterprise Server 3.3
- Netscape Enterprise Server 3.4
- Netscape Enterprise Server 3.5.1
- Netscape Enterprise Server 3.5
- Netscape Enterprise Server 3.5 for Solaris
- Netscape Enterprise Server 3.6
- Netscape Enterprise Server 3.6 for Solaris
- Netscape Enterprise Server 3.6 SP1
- Netscape Enterprise Server 3.6 SP2
- Netscape Enterprise Server 3.6 SP3
- Netscape Enterprise Server 4.0
- Netscape Enterprise Server 4.1.1 for Netware
- Netscape Enterprise Server 4.1 SP3
- Netscape Enterprise Server 4.1 SP4
- Netscape Enterprise Server 4.1 SP5
- Netscape Enterprise Server 4.1 SP6
- Netscape Enterprise Server 4.1 SP7
- Netscape Enterprise Server 4.1 SP8
- Netscape Enterprise Server 5.0 for Netware
- Netscape Personalization Engine
- Sun Java Enterprise System 2003Q4
- Sun Java Enterprise System 2004Q2
- Sun Java System Application Server 7.0 Enterprise Edition
- Sun Java System Application Server 7.0 Platform Edition
- Sun Java System Application Server 7.0 Standard Edition
- Sun Java System Application Server 7.0 UR4
- Sun Java System Application Server 7.1
- Sun ONE Application Server 6.0
- Sun ONE Application Server 6.0 SP1
- Sun ONE Application Server 6.0 SP2
- Sun ONE Web Server 4.1
- Sun ONE Web Server 4.1 SP10
- Sun ONE Web Server 4.1 SP11
- Sun ONE Web Server 4.1 SP12
- Sun ONE Web Server 4.1 SP8
- Sun ONE Web Server 4.1 SP9
- Sun ONE Web Server 4.1 SP1
- Sun ONE Web Server 4.1 SP2
- Sun ONE Web Server 4.1 SP3
- Sun ONE Web Server 4.1 SP4
- Sun ONE Web Server 4.1 SP5
- Sun ONE Web Server 4.1 SP6
- Sun ONE Web Server 4.1 SP7
- Sun ONE Web Server 6.0 SP3
- Sun ONE Web Server 6.0 SP4
- Sun ONE Web Server 6.0 SP5
- Sun ONE Web Server 6.0 SP7
- Sun ONE Web Server 6.0 SP8
- Sun ONE Web Server 6.1
- Sun ONE Web Server 6.1 SP1
- Sun ONE Web Server 6.1 SP2
- HP-UX 11.00
- HP-UX 11.11
- HP-UX 11.23 on IA64 64-bit
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0826, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0826 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.