Document NSS SSLv2 server buffer overflow (already referenced in

portaudit.txt).
svn path=/head/; revision=117429
2004-08-27 15:29:58 +00:00 · 2004-08-27 15:29:58 +00:00 · 8961228139 · 2021-03-31 03:12:20 +00:00
commit 8961228139
parent 17ae9e002a
3 changed files with 37 additions and 2 deletions
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@ -67,5 +67,4 @@ gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/07
 apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
 a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
 {ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
-nss<3.9.2|http://xforce.iss.net/xforce/alerts/id/180 http://secunia.com/advisories/12362 http://www.osvdb.org/9116|Netscape network security services (NSS) library SSL remote buffer overflow|207f8ff3-f697-11d8-81b0-000347a4fa7d
 nss<3.9|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564 http://secunia.com/advisories/11096 http://www.osvdb.org/4197|Mozilla / NSS S/MIME DoS vulnerability|65532ad9-f69b-11d8-81b0-000347a4fa7d
--- a/security/portaudit-db/database/portaudit.txt
+++ b/security/portaudit-db/database/portaudit.txt
@ -67,5 +67,4 @@ gallery<1.4.4.1|http://archives.neohapsis.com/archives/fulldisclosure/2004-08/07
 apache>=2.*<2.0.50_2|http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751 http://issues.apache.org/bugzilla/show_bug.cgi?id=30134 http://issues.apache.org/bugzilla/show_bug.cgi?id=27945 http://issues.apache.org/bugzilla/show_bug.cgi?id=29690|potential security flaws in mod_ssl|0e08f539-f151-11d8-81b0-000347a4fa7d
 a2ps-{a4,letter,letterdj}<4.13b_2|http://www.freebsd.org/cgi/query-pr.cgi?pr=70618|a2ps: Possible execution of shell commands as local user|8091fcea-f35e-11d8-81b0-000347a4fa7d
 {ja-,}xv<=3.10a_3|http://secunia.com/advisories/12352 http://www.securityfocus.com/archive/1/372345 http://www.osvdb.org/9115 http://www.osvdb.org/9118 http://www.osvdb.org/9119 http://www.osvdb.org/9120|multiple buffer overflows in xv|34c453ba-f686-11d8-81b0-000347a4fa7d
-nss<3.9.2|http://xforce.iss.net/xforce/alerts/id/180 http://secunia.com/advisories/12362 http://www.osvdb.org/9116|Netscape network security services (NSS) library SSL remote buffer overflow|207f8ff3-f697-11d8-81b0-000347a4fa7d
 nss<3.9|http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0564 http://secunia.com/advisories/11096 http://www.osvdb.org/4197|Mozilla / NSS S/MIME DoS vulnerability|65532ad9-f69b-11d8-81b0-000347a4fa7d
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -32,6 +32,43 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="207f8ff3-f697-11d8-81b0-000347a4fa7d">
+    <topic>nss -- exploitable buffer overflow in SSLv2 protocol handler</topic>
+    <affects>
+      <package>
+        <name>nss</name>
+        <range><lt>3.9.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>ISS X-Force reports that a remotely exploitable buffer
+          overflow exists in the Netscape Security Services (NSS)
+	  library's implementation of SSLv2.  From their advisory:</p>
+	<blockquote cite="http://xforce.iss.net/xforce/alerts/id/180">
+          <p>The NSS library contains a flaw in SSLv2 record parsing
+            that may lead to remote compromise. When parsing the
+            first record in an SSLv2 negotiation, the client hello
+            message, the server fails to validate the length of a
+            record field. As a result, it is possible for an attacker
+            to trigger a heap-based overflow of arbitrary length.</p>
+	</blockquote>
+	<p>Note that the vulnerable NSS library is also present in
+	  Mozilla-based browsers.  However, it is not believed that
+	  browsers are affected, as the vulnerability is present only in
+	  code used by SSLv2 *servers*.</p>
+      </body>
+    </description>
+    <references>
+      <url>http://xforce.iss.net/xforce/alerts/id/180</url>
+      <url>http://www.osvdb.org/9116</url>
+    </references>
+    <dates>
+      <discovery>2004-08-23</discovery>
+      <entry>2004-08-27</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="85e19dff-e606-11d8-9b0a-000347a4fa7d">
    <topic>ripMIME -- decoding bug allowing content filter bypass</topic>
    <affects>