COMMAND

    Netscape

SYSTEMS AFFECTED

    HP9000 Series 7/800 running HP-UX releases 10.X and 11.00

PROBLEM

    The Million  Question vulnerability  affects the  use of  RSA Data
    Security encryption algorithms with Netscape server products  that
    support  Secure   Sockets  Layer   (SSL).   The   nature  of   the
    vulnerability is that a single encrypted SSL network  conversation
    could be  recorded and  subsequently decrypted.   A  cryptanalytic
    vulnerability could potentially be used to discover the key for  a
    particular  encrypted  session  through  a  process  of repeatedly
    sending approximately one  million carefully constructed  messages
    to a target server and observing the server's response.

    According  to  RSA  Data  Security,  Inc.,   this potential attack
    against  secure  Web  communications  is  currently the subject of
    research and has not been reported by any users. Servers impacted:

        - FastTrack
        - Enterprise
        - Proxy

        - Messaging
        - Collabora

SOLUTION

    Product  replacements  are  available   for  these  two   Servers.
    Recommended solution:

        http://help.netscape.com/products/server/ssldiscovery/index.html