Sun Security Blog
13 Oct 2009
Sun Alert 267031 Heap Overflow in a Regular Expression Parser in Network Security Services (NSS) may Affect SSL Clients (CVE-2009-2404)
Product: Solaris 9 Operating System, Solaris 10 Operating System, Sun Java Enterprise System 5, Sun Java Enterprise System 2005

A heap overflow vulnerability in Network Security Services (NSS) may allow a remote SSL server to cause a Denial of Service (DoS) to SSL client applications or to possibly execute arbitrary code with the privileges of the SSL client application, via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the "cert_TestHostName" function. Firefox, Thunderbird, Pidgin and Evolution are examples of vulnerable SSL client applications.

This issue is also described in the following document: CVE-2009-2404 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404

State: Resolved
First released: 13-Oct-2009
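For triage of captured server certificates, the following added example (not part of this alert and not NSS code) extracts the subject CN values from a DER certificate and reports any that are unusually long. The alert gives no length figure, so the threshold is an assumption: the 64-character commonName upper bound from RFC 5280. All function names are hypothetical and the sample input is constructed.

```python
UB_COMMON_NAME = 64          # RFC 5280 upper bound for commonName (assumed threshold)
OID_CN = b"\x55\x04\x03"     # DER body of OID 2.5.4.3 (commonName)
def read_tlv(buf, pos):      # -> (tag, value, next_pos), every length bounds-checked
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:        # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def children(buf):           # yield (tag, value) for each element inside buf
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def subject_cns(cert_der):
    """Return every commonName string in the subject of a DER X.509 certificate."""
    cert = read_tlv(cert_der, 0)[1]
    tbs = list(children(read_tlv(cert, 0)[1]))
    tbs = tbs[1:] if tbs and tbs[0][0] == 0xA0 else tbs   # skip optional [0] version
    if len(tbs) < 5:                       # serial, sigAlg, issuer, validity, subject
        raise ValueError("TBSCertificate too short")
    cns = []
    for _, rdn in children(tbs[4][1]):     # subject Name: SEQUENCE OF SET OF attribute
        for _, atv in children(rdn):
            (_, oid), (_, value) = list(children(atv))[:2]
            if oid == OID_CN:              # BMPString/UniversalString CNs need own decoding
                cns.append(value.decode("utf-8", "replace"))
    return cns

def oversized_cns(cert_der, limit=UB_COMMON_NAME):
    return [cn for cn in subject_cns(cert_der) if len(cn) > limit]

# Constructed sample input: a skeletal, unsigned structure, not a real certificate.
def tlv(tag, body):
    size = (len(body).bit_length() + 7) // 8
    hdr = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | size]) + len(body).to_bytes(size, "big")
    return bytes([tag]) + hdr + body

def sample_cert(cn):
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, cn.encode()))))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") + name + tlv(0x30, b"") + name
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

A flagged CN is a reason to inspect the certificate and the client's NSS version, not proof of an attack.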