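Network Security Services (NSS) is a set of libraries that provides cross-platform support for SSL, S/MIME and other Internet security standards.
The NSS used in Sun Java Enterprise System and Java System Directory Server contains a memory leak vulnerability. If a remote attacker performs a large number of RSA cryptographic operations, a large amount of system memory is exhausted, resulting in a denial of service.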
Sun Java System Directory Server Enterprise Edition
Sun Java System Directory Server 5.2
Mozilla NSS 3.11
Workaround:
On UNIX systems (typically as the root user):
# <server instance path>/start-slapd
On Windows systems, open the "Services" panel and start the service manually.
Vendor patch:
Sun has released security advisories for this issue (Sun-Alert-102896, Sun-Alert-102670, Sun-Alert-102461) along with the corresponding patches:
Sun-Alert-102896: Directory Server May Hang Due to a Memory Leak in the Network Security Services (NSS) Software
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102896-1
Sun-Alert-102670: A Vulnerability in Network Security Services (NSS) Affects Sun Java System Web Server and Sun ONE Application Server
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102670-1
Sun-Alert-102461: Systems With Sun Java Enterprise System Installed May Hang Due to a Memory Leak in the Network Security Services (NSS) Software
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102461-1