August 26, 2004 — (WEB HOST INDUSTRY REVIEW) — Internet security firm ISS X-Force (xforce.iss.net) has discovered a serious vulnerability in the Netscape Network Security Services (NSS) library suite that could make it possible for attackers to hijack compromised servers, according to a report by Internetnews.com. In an advisory, the firm warned that the flaw could allow harmful code to be executed during SSLv2 negotiation. ISS X-Force said any application or product that integrates the NSS library suite and implements SSLv2 ciphers is vulnerable.
“If the SSLv2 protocol is enabled on vulnerable servers, a remote unauthenticated attacker may trigger a buffer overflow condition and execute arbitrary code. This has the potential to result in complete compromise of the target server, and exposure of any information held therein,” ISS X-Force said.
The flaw reportedly affects Netscape Enterprise Server and Sun’s Open Net Environment, two Web server platforms that make use of the NSS library.











