CVE-2004-0826 | Vulnerability Database | Aqua Security

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

Affected Software

Name	Vendor	Start Version	End Version
Enterprise_server	Netscape	3.5	3.5
One_web_server	Sun	4.1	4.1
Network_security_services	Mozilla	3.6.1	3.6.1
Network_security_services	Mozilla	3.2	3.2
Enterprise_server	Netscape	4.0	4.0
One_web_server	Sun	6.0	6.0
One_application_server	Sun	6.0	6.0
Java_system_application_server	Sun	7.0	7.0
One_web_server	Sun	6.1	6.1
One_web_server	Sun	6.1	6.1
Directory_server	Netscape	4.1	4.1
Network_security_services	Mozilla	3.7.7	3.7.7
Network_security_services	Mozilla	3.7.5	3.7.5
Network_security_services	Mozilla	3.7.1	3.7.1
One_web_server	Sun	4.1	4.1
Enterprise_server	Netscape	4.1.1	4.1.1
Enterprise_server	Netscape	3.6	3.6
Enterprise_server	Netscape	4.1	4.1
Directory_server	Netscape	1.3	1.3
One_application_server	Sun	6.0	6.0
Network_security_services	Mozilla	3.6	3.6
One_web_server	Sun	6.0	6.0
Enterprise_server	Netscape	3.6	3.6
Directory_server	Netscape	3.1	3.1
Enterprise_server	Netscape	2.0a	2.0a
Network_security_services	Mozilla	3.2.1	3.2.1
One_web_server	Sun	4.1	4.1
Certificate_server	Netscape	1.0	1.0
One_web_server	Sun	4.1	4.1
Enterprise_server	Netscape	4.1	4.1
Java_enterprise_system	Sun	2003q4	2003q4
Enterprise_server	Netscape	3.0.1b	3.0.1b
Enterprise_server	Netscape	3.0.1	3.0.1
Java_system_application_server	Sun	7.1	7.1
Java_enterprise_system	Sun	2004q2	2004q2
Enterprise_server	Netscape	2.0	2.0
One_web_server	Sun	4.1	4.1
Enterprise_server	Netscape	3.0.7a	3.0.7a
One_web_server	Sun	6.0	6.0
One_web_server	Sun	4.1	4.1
Network_security_services	Mozilla	3.9	3.9
One_web_server	Sun	6.1	6.1
Network_security_services	Mozilla	3.4	3.4
Enterprise_server	Netscape	4.1	4.1
One_web_server	Sun	4.1	4.1
One_web_server	Sun	4.1	4.1
One_web_server	Sun	4.1	4.1
Network_security_services	Mozilla	3.8	3.8
One_web_server	Sun	6.0	6.0
Enterprise_server	Netscape	3.6	3.6
Network_security_services	Mozilla	3.4.1	3.4.1
Network_security_services	Mozilla	3.7	3.7
Enterprise_server	Netscape	3.6	3.6
Network_security_services	Mozilla	3.7.2	3.7.2
Network_security_services	Mozilla	3.3	3.3
Enterprise_server	Netscape	3.1	3.1
One_web_server	Sun	4.1	4.1
Network_security_services	Mozilla	3.7.3	3.7.3
Directory_server	Netscape	3.12	3.12
Enterprise_server	Netscape	3.4	3.4
Network_security_services	Mozilla	3.4.2	3.4.2
One_web_server	Sun	4.1	4.1
One_web_server	Sun	4.1	4.1
Certificate_server	Netscape	4.2	4.2
Personalization_engine	Netscape	*	*
Network_security_services	Mozilla	3.3.2	3.3.2
Java_system_application_server	Sun	7.0	7.0
Enterprise_server	Netscape	4.1	4.1
One_application_server	Sun	6.0	6.0
Directory_server	Netscape	4.11	4.11
Enterprise_server	Netscape	2.0.1c	2.0.1c
Enterprise_server	Netscape	3.0	3.0
Enterprise_server	Netscape	3.5	3.5
Enterprise_server	Netscape	5.0	5.0
Enterprise_server	Netscape	4.1	4.1
Network_security_services	Mozilla	3.5	3.5
Java_system_application_server	Sun	7.0	7.0
One_web_server	Sun	4.1	4.1
One_web_server	Sun	6.0	6.0
One_web_server	Sun	4.1	4.1
Enterprise_server	Netscape	3.3	3.3
Directory_server	Netscape	4.13	4.13
Enterprise_server	Netscape	3.2	3.2
Enterprise_server	Netscape	4.1	4.1
Java_system_application_server	Sun	7.0	7.0
Enterprise_server	Netscape	3.5.1	3.5.1
Enterprise_server	Netscape	3.6	3.6
One_web_server	Sun	4.1	4.1
Network_security_services	Mozilla	3.3.1	3.3.1
Enterprise_server	Netscape	3.0l	3.0l

References

http://xforce.iss.net/xforce/alerts/id/180
http://www.securityfocus.com/bid/11015
http://marc.info/?l=bugtraq\u0026m=109351293827731\u0026w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16314

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0826
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html