ISS X-Force reports that a remotely exploitable buffer
overflow exists in the Netscape Security Services (NSS)
library's implementation of SSLv2. From their advisory:

The NSS library contains a flaw in SSLv2 record parsing
that may lead to remote compromise. When parsing the
first record in an SSLv2 negotiation, the client hello
message, the server fails to validate the length of a
record field. As a result, it is possible for an attacker
to trigger a heap-based overflow of arbitrary length.

Note that the vulnerable NSS library is also present in
Mozilla-based browsers. However, it is not believed that
browsers are affected, as the vulnerability is present only in
code used by SSLv2 *servers*.
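
The class of check the advisory says was missing, as an added example (not NSS source code and not taken from the advisory): a server-side parser for an SSLv2 CLIENT-HELLO record that validates every length field before copying. The field layout and bounds follow the SSLv2 draft specification; the advisory does not name the affected field, so all three are checked, and the struct, function and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CHALLENGE 32   /* SSLv2 draft: challenge is 16..32 bytes */
#define MAX_SESSION_ID 16  /* SSLv2 draft: session ID is 0 or 16 bytes */

struct v2_hello {              /* hypothetical destination structure */
    uint16_t version, cipher_len, sid_len, chal_len;
    const uint8_t *ciphers;    /* points into the caller's record */
    uint8_t session_id[MAX_SESSION_ID];
    uint8_t challenge[MAX_CHALLENGE];
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Parse one SSLv2 CLIENT-HELLO record (2-byte header form).
 * Returns 0 on success, -1 if any length is inconsistent. */
int parse_v2_client_hello(const uint8_t *rec, size_t n, struct v2_hello *out)
{
    if (n < 2 + 9 || !(rec[0] & 0x80)) return -1;  /* header + fixed fields */
    size_t body = (size_t)((rec[0] & 0x7f) << 8 | rec[1]);
    if (body != n - 2) return -1;                  /* declared vs. received */
    const uint8_t *p = rec + 2;
    if (p[0] != 1) return -1;                      /* MSG-CLIENT-HELLO */
    out->version    = be16(p + 1);
    out->cipher_len = be16(p + 3);
    out->sid_len    = be16(p + 5);
    out->chal_len   = be16(p + 7);
    /* Each field is checked against its own bound before any copy. */
    if (out->cipher_len == 0 || out->cipher_len % 3) return -1;
    if (out->sid_len != 0 && out->sid_len != MAX_SESSION_ID) return -1;
    if (out->chal_len < 16 || out->chal_len > MAX_CHALLENGE) return -1;
    /* Together the three fields must account for the body exactly. */
    if ((size_t)9 + out->cipher_len + out->sid_len + out->chal_len != body)
        return -1;
    out->ciphers = p + 9;
    memcpy(out->session_id, p + 9 + out->cipher_len, out->sid_len);
    memcpy(out->challenge, p + 9 + out->cipher_len + out->sid_len, out->chal_len);
    return 0;
}

/* Constructed sample: one cipher spec, no session ID, 16-byte challenge. */
const uint8_t sample_ok[] = { 0x80, 28, 1, 0, 2, 0, 3, 0, 0, 0, 16,
    0x01, 0x00, 0x80, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };

int main(void) { struct v2_hello h; return parse_v2_client_hello(sample_ok, sizeof sample_ok, &h); }
```

A record whose declared field lengths exceed the fixed destination buffers, or do not add up to the record body, is rejected before either `memcpy` runs.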