Vulnerability Name:

CVE-2004-0826 (CCN-16314)

Assigned:2004-06-03
Published:2004-06-03
Updated:2017-07-11
Summary:Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Mozilla FTP site
ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_9_2_RTM

Source: MITRE
Type: CNA
CVE-2004-0826

Source: HP
Type: UNKNOWN
SSRT4779

Source: CCN
Type: Sun Alert ID: 57632
Netscape NSS Library Vulnerability Affects Sun Java System Web Server and Sun Java System Application Server

Source: CCN
Type: Sun Alert ID: 57643
Netscape NSS Library Vulnerability Affects Sun Java Enterprise System

Source: CCN
Type: CIAC Information Bulletin 0-204
Netscape NSS Library Suite Remote Buffer Overflow

Source: CCN
Type: OSVDB ID: 9116
Netscape Network Security Services (NSS) Library SSLv2 Challenge Overflow

Source: BID
Type: Patch
11015

Source: CCN
Type: BID-11015
Mozilla Network Security Services Library Remote Heap Overflow Vulnerability

Source: CCN
Type: Internet Security Systems Protection Advisory
Netscape NSS Library Remote Compromise

Source: ISS
Type: Patch, Vendor Advisory
20040823 Netscape NSS Library Remote Compromise

Source: XF
Type: UNKNOWN
sslv2-client-hello-overflow(16314)

Source: XF
Type: UNKNOWN
sslv2-client-hello-overflow(16314)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mozilla:network_security_services:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.6:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:network_security_services:3.9:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:certificate_server:1.0:patch1:*:*:*:*:*:*
  • OR cpe:/a:netscape:certificate_server:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:directory_server:1.3:patch5:*:*:*:*:*:*
  • OR cpe:/a:netscape:directory_server:3.1:patch1:*:*:*:*:*:*
  • OR cpe:/a:netscape:directory_server:3.12:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:directory_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:directory_server:4.11:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:directory_server:4.13:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:2.0.1c:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:2.0a:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.0.1b:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.0.7a:*:netware:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.0l:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.3:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.5:*:solaris:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.6:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.6:*:solaris:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.6:sp1:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.6:sp2:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:3.6:sp3:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1:sp7:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1:sp8:*:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:4.1.1:*:netware:*:*:*:*:*
  • OR cpe:/a:netscape:enterprise_server:5.0:*:netware:*:*:*:*:*
  • OR cpe:/a:netscape:personalization_engine:*:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.0:*:enterprise:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp13:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp14:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:netscape:enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:directory_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:personalization_engine:*:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:certificate_management_system:-:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_enterprise_system:2003q4:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_enterprise_system:2004q2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp13:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp14:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_application_server:7.0:ur4:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/a:sun:iplanet_web_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    mozilla network security services 3.2
    mozilla network security services 3.2.1
    mozilla network security services 3.3
    mozilla network security services 3.3.1
    mozilla network security services 3.3.2
    mozilla network security services 3.4
    mozilla network security services 3.4.1
    mozilla network security services 3.4.2
    mozilla network security services 3.5
    mozilla network security services 3.6
    mozilla network security services 3.6.1
    mozilla network security services 3.7
    mozilla network security services 3.7.1
    mozilla network security services 3.7.2
    mozilla network security services 3.7.3
    mozilla network security services 3.7.5
    mozilla network security services 3.7.7
    mozilla network security services 3.8
    mozilla network security services 3.9
    netscape certificate server 1.0 patch1
    netscape certificate server 4.2
    netscape directory server 1.3 patch5
    netscape directory server 3.1 patch1
    netscape directory server 3.12
    netscape directory server 4.1
    netscape directory server 4.11
    netscape directory server 4.13
    netscape enterprise server 2.0
    netscape enterprise server 2.0.1c
    netscape enterprise server 2.0a
    netscape enterprise server 3.0
    netscape enterprise server 3.0.1
    netscape enterprise server 3.0.1b
    netscape enterprise server 3.0.7a
    netscape enterprise server 3.0l
    netscape enterprise server 3.1
    netscape enterprise server 3.2
    netscape enterprise server 3.3
    netscape enterprise server 3.4
    netscape enterprise server 3.5
    netscape enterprise server 3.5
    netscape enterprise server 3.5.1
    netscape enterprise server 3.6
    netscape enterprise server 3.6
    netscape enterprise server 3.6 sp1
    netscape enterprise server 3.6 sp2
    netscape enterprise server 3.6 sp3
    netscape enterprise server 4.0
    netscape enterprise server 4.1 sp3
    netscape enterprise server 4.1 sp4
    netscape enterprise server 4.1 sp5
    netscape enterprise server 4.1 sp6
    netscape enterprise server 4.1 sp7
    netscape enterprise server 4.1 sp8
    netscape enterprise server 4.1.1
    netscape enterprise server 5.0
    netscape personalization engine *
    sun java enterprise system 2003q4
    sun java enterprise system 2004q2
    sun java system application server 7.0
    sun java system application server 7.0
    sun java system application server 7.0
    sun java system application server 7.0 ur4
    sun java system application server 7.1
    sun one application server 6.0
    sun one application server 6.0 sp1
    sun one application server 6.0 sp2
    sun one web server 4.1
    sun one web server 4.1 sp1
    sun one web server 4.1 sp10
    sun one web server 4.1 sp11
    sun one web server 4.1 sp12
    sun one web server 4.1 sp13
    sun one web server 4.1 sp14
    sun one web server 4.1 sp2
    sun one web server 4.1 sp3
    sun one web server 4.1 sp4
    sun one web server 4.1 sp5
    sun one web server 4.1 sp6
    sun one web server 4.1 sp7
    sun one web server 4.1 sp8
    sun one web server 4.1 sp9
    sun one web server 6.0 sp3
    sun one web server 6.0 sp4
    sun one web server 6.0 sp5
    sun one web server 6.0 sp7
    sun one web server 6.0 sp8
    sun one web server 6.1
    sun one web server 6.1 sp1
    sun one web server 6.1 sp2
    hp hp-ux 11.00
    hp hp-ux 11.11
    hp hp-ux 11.23
    netscape enterprise server *
    netscape directory server *
    sun one web server 6.0
    sun one web server 4.1
    sun one web server 6.1
    netscape personalization engine *
    netscape certificate management system -
    sun java enterprise system 2003q4
    sun java enterprise system 2004q2
    sun java system application server 7.1
    sun one web server 4.1 sp1
    sun one web server 4.1 sp10
    sun one web server 4.1 sp11
    sun one web server 4.1 sp12
    sun one web server 4.1 sp13
    sun one web server 4.1 sp14
    sun one web server 4.1 sp2
    sun one web server 4.1 sp3
    sun one web server 4.1 sp4
    sun one web server 4.1 sp5
    sun one web server 4.1 sp6
    sun one web server 4.1 sp7
    sun one web server 4.1 sp8
    sun one web server 4.1 sp9
    sun one web server 6.1 sp1
    sun one web server 6.1 sp2
    sun one web server 6.0 sp4
    sun one web server 6.0 sp5
    sun java system application server 7.0 ur4
    sun one web server 6.0 sp8
    sun one web server 6.0 sp7
    sun one web server 6.0 sp3
    sun one web server 6.0 sp2
    sun one web server 6.0 sp1
    sun solaris 8
    sun iplanet web server -
    sun solaris 9
    hp hp-ux b.11.00
    hp hp-ux b.11.11
    hp hp-ux b.11.23