IBM Information for VU#459371
Multiple IPsec implementations do not adequately validate authentication data
- Vendor Information Help Date Notified: 20 Aug 2002
- Statement Date:
- Date Updated: 11 Dec 2002
The AIX operating system is vulnerable to the IPSec issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches are available through an efix package. The efix is available at the following URL:
The following APARs will be available in the near future:
- AIX 4.3.3 APAR IY37800 (available approx 1/29/03)
AIX 5.1.0 APAR IY37069 (available approx 12/18/02)
AIX 5.2.0 APAR IY37182 (available approx 4/28/03)
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.