IBM Information for VU#104555

Buffer Overflow in mod_ssl

Status

Affected

Vendor Statement

The AIX operating system does not ship with mod_ssl. However, mod_ssl is available for installation on AIX from the Linux Affinity Toolbox.

Users using mod_ssl 2.8.10 are later are not vulnerable to the issues discussed in CERT Vulnerability Note VU#104555 and any advisories which follow.

This vulnerability is present in mod_ssl 2.8.9 and earlier; users are urged to upgrade as soon as possible.

The Linux Affinity Toolbox is available at:

http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html

This software is offered on an "as-is" and is unwarranted.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.