SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#594904

Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability

Overview

The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition.

I. Description

The Sun One Application Server provides a Java 2 Platform for delivering Java applications and Web services. The Sun Java System web server is a web server that can run on multiple operating systems. Network Security Services (NSS) are a set of libraries that support the development of security enabled applications.

An unspecified vulnerability exists in NSS libraries used by the Sun Java System Web Server and the Sun ONE Application Server.

From Sun document ID 102670:

    A local or remote unprivileged user may be able to cause the Sun Java System Web Server or the Sun ONE Application Server to exit unexpectedly due to a security vulnerability in Network Security Services (NSS). The ability to disable a Sun Java System Web Server or a Sun ONE Application Server is a type of Denial of Service (DoS).

II. Impact

A remote, unauthenticated attacker may be able to create a denial of service condition.

III. Solution

Upgrade

Sun has released updates to address this issue. See Sun Java System Web Server 6.0 Service Pack 10 or Sun ONE Application Server 7 Update for more details.

Disable SSL

If Secure Sockets Layer (SSL) support is not needed, disabling SSL may mitigate this vulnerability. See Sun document ID 102670 for more details.

Systems Affected

VendorStatusDate NotifiedDate Updated
Sun Microsystems, Inc.Vulnerable9-Feb-2007

References


http://www.sun.com/software/products/appsrvr/index.xml
http://www.sun.com/download/products.xml?id=438cfb75
http://www.sun.com/download/products.xml?id=43a84f89
http://www.mozilla.org/projects/security/pki/nss/
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102670-1
http://en.wikipedia.org/wiki/Ssl
http://www.frsirt.com/english/advisories/2006/4299
http://securitytracker.com/id?1017143
http://secunia.com/advisories/22646

Credit

Thanks to Sun for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-11-01
Date First Published:2007-02-09
Date Last Updated:2007-02-09
CERT Advisory: 
CVE-ID(s):CVE-2006-5654
NVD-ID(s):CVE-2006-5654
US-CERT Technical Alerts: 
Metric:0.63
Document Revision:32

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2007 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader