NSS Library SSL v.2.0 remote command execution

Description

The remote host seems to be using a vulnerable version of the Mozilla Network Security Services (NSS) Library, the SSL v.2.0 handling code may allow an attacker to cause a heap overflow and therefore execute arbitrary commands on the remote host.

Remediation

Upgrade the remote service to use NSS 3.9.2 or newer.

Severity
Classification
Tags
  • Missing Update  Network Alert