# Netscape Multiple Products NSS Library Vulnerability, (Highly critical)



## jgvernonco (Sep 13, 2003)

Netscape Multiple Products NSS Library Vulnerability

SECUNIA ADVISORY ID:
SA12379

VERIFY ADVISORY:
http://secunia.com/advisories/12379/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Netscape Certificate Management System 4.x
http://secunia.com/product/3832/
Netscape Directory Server 4.x
http://secunia.com/product/3318/
Netscape Enterprise Server 3.x
http://secunia.com/product/3830/

DESCRIPTION:
ISS X-Force has reported a vulnerability in the NSS library included
with various Netscape products, which can be exploited by malicious
people to compromise a vulnerable system.

For more information:
SA12362

The following products reportedly include the affected library:
* Netscape Enterprise Server
* Netscape Personalization Engine
* Netscape Directory Server
* Netscape Certificate Management System

SOLUTION:
Install the original NSS library, disable SSLv2 support, or filter
access to affected SSL-based services.

PROVIDED AND/OR DISCOVERED BY:
Mark Dowd, ISS X-Force.

OTHER REFERENCES:
SA12362:
http://secunia.com/advisories/12362/


----------

