AOL Instant Messenger NSS Library Memory Leak Vulnerability

2006-06-27T00:00:00
ID SECURITYVULNS:DOC:13321
Type securityvulns
Reporter Securityvulns
Modified 2006-06-27T00:00:00

Description

Description: AOL Instant Messenger (AIM) is susceptible to affected to DoS-type memory leak vulnerability disclosed in Mozilla Network Security Services library implementation. This library is shipped with the AIM 5.9 utility.

Reportedly the Network Security Services (NSS) library will leak 256 bytes of memory per RSA cryptographic operation. After a certain amount of time, this causes the system to run out of memory and may lead to a system hang or panic state.

The following Network Security Services library version was shipped with the AOL Instant Messenger version 5.9.3861.0 (newest 5.9.x version): C:\Program Files\AIM (NSS Base Library) 3.9.2.0 (August 2004)

Solution status: No updated version available from the vendor at the time of reporting.

References: Sun Alert ID #102461: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102461-1

NSS Project home page: http://www.mozilla.org/projects/security/pki/nss/

Best regards, Juha-Matti Laurio Networksecurity.fi http://www.networksecurity.fi/