lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040826231633.79417.qmail@web60310.mail.yahoo.com>
From: jessevalentin at yahoo.com (JV)
Subject: SSL Vulnerability??


Here’s an interesting link having to do with a vulnerability found in the Netscape NSS library which will impact any “products making use of the library for SSL communication”. Might be possible to remotely compromise any sites affected by this issue.

 

This has the potential to be very ugly since any site using SSL is usually trying to protect something valuable… banking, health information, etc.. 

 

Some products making use of this library suite are:

Netscape - Enterprise Server (NES) - All known versions

Netscape - Personalization Engine (NPE) - All known versions

Netscape - Directory Server (NDS) - All known versions

Netscape - Certificate Management Server (CMS) - All known versions

Sun  - Sun One/iPlanet - All known versions

Any application or product that integrates the NSS library suite and

which implements SSLv2 ciphers

 

 

Check out this link for more info and vendor supplied patches, etc.
http://xforce.iss.net/xforce/alerts/id/180
 
- Jesse

		
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040826/56c362fb/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ