ID de Prueba:	1.3.6.1.4.1.25623.1.0.14361
Categoría:	Gain a shell remotely
Título:	NSS Library SSLv2 Challenge Overflow
Resumen:	The remote host seems to be using the Mozilla Network Security Services (NSS); Library, a set of libraries designed to support the development of security-enabled client/server application.
Descripción:	Summary: The remote host seems to be using the Mozilla Network Security Services (NSS) Library, a set of libraries designed to support the development of security-enabled client/server application. Vulnerability Impact: There seems to be a flaw in the remote version of this library, in the SSLv2 handling code, which may allow an attacker to cause a heap overflow and therefore execute arbitrary commands on the remote host. To exploit this flaw, an attacker would need to send a malformed SSLv2 'hello' message to the remote service. Solution: Upgrade the remote service to use NSS 3.9.2 or newer. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0826 BugTraq ID: 11015 http://www.securityfocus.com/bid/11015 HPdes Security Advisory: SSRT4779 http://marc.info/?l=bugtraq&m=109351293827731&w=2 ISS Security Advisory: 20040823 Netscape NSS Library Remote Compromise http://xforce.iss.net/xforce/alerts/id/180 XForce ISS Database: sslv2-client-hello-overflow(16314) https://exchange.xforce.ibmcloud.com/vulnerabilities/16314
Copyright	Copyright (C) 2004 Digital Defense Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.