CVE-2004-0826 | Vulnerability Database | Aqua Security

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Affected Software

Name	Vendor	Start Version	End Version
Network_security_services	Mozilla	3.2 (including)	3.2 (including)
Network_security_services	Mozilla	3.2.1 (including)	3.2.1 (including)
Network_security_services	Mozilla	3.3 (including)	3.3 (including)
Network_security_services	Mozilla	3.3.1 (including)	3.3.1 (including)
Network_security_services	Mozilla	3.3.2 (including)	3.3.2 (including)
Network_security_services	Mozilla	3.4 (including)	3.4 (including)
Network_security_services	Mozilla	3.4.1 (including)	3.4.1 (including)
Network_security_services	Mozilla	3.4.2 (including)	3.4.2 (including)
Network_security_services	Mozilla	3.5 (including)	3.5 (including)
Network_security_services	Mozilla	3.6 (including)	3.6 (including)
Network_security_services	Mozilla	3.6.1 (including)	3.6.1 (including)
Network_security_services	Mozilla	3.7 (including)	3.7 (including)
Network_security_services	Mozilla	3.7.1 (including)	3.7.1 (including)
Network_security_services	Mozilla	3.7.2 (including)	3.7.2 (including)
Network_security_services	Mozilla	3.7.3 (including)	3.7.3 (including)
Network_security_services	Mozilla	3.7.5 (including)	3.7.5 (including)
Network_security_services	Mozilla	3.7.7 (including)	3.7.7 (including)
Network_security_services	Mozilla	3.8 (including)	3.8 (including)
Network_security_services	Mozilla	3.9 (including)	3.9 (including)
Certificate_server	Netscape	1.0-patch1 (including)	1.0-patch1 (including)
Certificate_server	Netscape	4.2 (including)	4.2 (including)
Directory_server	Netscape	1.3-patch5 (including)	1.3-patch5 (including)
Directory_server	Netscape	3.1-patch1 (including)	3.1-patch1 (including)
Directory_server	Netscape	3.12 (including)	3.12 (including)
Directory_server	Netscape	4.1 (including)	4.1 (including)
Directory_server	Netscape	4.11 (including)	4.11 (including)
Directory_server	Netscape	4.13 (including)	4.13 (including)
Enterprise_server	Netscape	2.0 (including)	2.0 (including)
Enterprise_server	Netscape	2.0.1c (including)	2.0.1c (including)
Enterprise_server	Netscape	2.0a (including)	2.0a (including)
Enterprise_server	Netscape	3.0 (including)	3.0 (including)
Enterprise_server	Netscape	3.0.1 (including)	3.0.1 (including)
Enterprise_server	Netscape	3.0.1b (including)	3.0.1b (including)
Enterprise_server	Netscape	3.0.7a (including)	3.0.7a (including)
Enterprise_server	Netscape	3.0l (including)	3.0l (including)
Enterprise_server	Netscape	3.1 (including)	3.1 (including)
Enterprise_server	Netscape	3.2 (including)	3.2 (including)
Enterprise_server	Netscape	3.3 (including)	3.3 (including)
Enterprise_server	Netscape	3.4 (including)	3.4 (including)
Enterprise_server	Netscape	3.5 (including)	3.5 (including)
Enterprise_server	Netscape	3.5.1 (including)	3.5.1 (including)
Enterprise_server	Netscape	3.6 (including)	3.6 (including)
Enterprise_server	Netscape	3.6-sp1 (including)	3.6-sp1 (including)
Enterprise_server	Netscape	3.6-sp2 (including)	3.6-sp2 (including)
Enterprise_server	Netscape	3.6-sp3 (including)	3.6-sp3 (including)
Enterprise_server	Netscape	4.0 (including)	4.0 (including)
Enterprise_server	Netscape	4.1-sp3 (including)	4.1-sp3 (including)
Enterprise_server	Netscape	4.1-sp4 (including)	4.1-sp4 (including)
Enterprise_server	Netscape	4.1-sp5 (including)	4.1-sp5 (including)
Enterprise_server	Netscape	4.1-sp6 (including)	4.1-sp6 (including)
Enterprise_server	Netscape	4.1-sp7 (including)	4.1-sp7 (including)
Enterprise_server	Netscape	4.1-sp8 (including)	4.1-sp8 (including)
Enterprise_server	Netscape	4.1.1 (including)	4.1.1 (including)
Enterprise_server	Netscape	5.0 (including)	5.0 (including)
Personalization_engine	Netscape	*	*
Java_enterprise_system	Sun	2003q4 (including)	2003q4 (including)
Java_enterprise_system	Sun	2004q2 (including)	2004q2 (including)
Java_system_application_server	Sun	7.0 (including)	7.0 (including)
Java_system_application_server	Sun	7.0-ur4 (including)	7.0-ur4 (including)
Java_system_application_server	Sun	7.1 (including)	7.1 (including)
One_application_server	Sun	6.0 (including)	6.0 (including)
One_application_server	Sun	6.0-sp1 (including)	6.0-sp1 (including)
One_application_server	Sun	6.0-sp2 (including)	6.0-sp2 (including)
One_web_server	Sun	4.1 (including)	4.1 (including)
One_web_server	Sun	4.1-sp1 (including)	4.1-sp1 (including)
One_web_server	Sun	4.1-sp10 (including)	4.1-sp10 (including)
One_web_server	Sun	4.1-sp11 (including)	4.1-sp11 (including)
One_web_server	Sun	4.1-sp12 (including)	4.1-sp12 (including)
One_web_server	Sun	4.1-sp13 (including)	4.1-sp13 (including)
One_web_server	Sun	4.1-sp14 (including)	4.1-sp14 (including)
One_web_server	Sun	4.1-sp2 (including)	4.1-sp2 (including)
One_web_server	Sun	4.1-sp3 (including)	4.1-sp3 (including)
One_web_server	Sun	4.1-sp4 (including)	4.1-sp4 (including)
One_web_server	Sun	4.1-sp5 (including)	4.1-sp5 (including)
One_web_server	Sun	4.1-sp6 (including)	4.1-sp6 (including)
One_web_server	Sun	4.1-sp7 (including)	4.1-sp7 (including)
One_web_server	Sun	4.1-sp8 (including)	4.1-sp8 (including)
One_web_server	Sun	4.1-sp9 (including)	4.1-sp9 (including)
One_web_server	Sun	6.0-sp3 (including)	6.0-sp3 (including)
One_web_server	Sun	6.0-sp4 (including)	6.0-sp4 (including)
One_web_server	Sun	6.0-sp5 (including)	6.0-sp5 (including)
One_web_server	Sun	6.0-sp7 (including)	6.0-sp7 (including)
One_web_server	Sun	6.0-sp8 (including)	6.0-sp8 (including)
One_web_server	Sun	6.1 (including)	6.1 (including)
One_web_server	Sun	6.1-sp1 (including)	6.1-sp1 (including)
One_web_server	Sun	6.1-sp2 (including)	6.1-sp2 (including)

References

http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2
http://www.securityfocus.com/bid/11015
http://xforce.iss.net/xforce/alerts/id/180
https://exchange.xforce.ibmcloud.com/vulnerabilities/16314

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0826
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html