IBM Corporation Information for VU#333628

OpenSSH contains buffer management errors

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The AIX Security Team is aware of the issues discussed in CERT
Vulnerability Note VU#333628 and CERT Advisory CA-2003-24.

OpenSSH is available for AIX via the AIX Toolbox for Linux or the
Bonus Pack.

OpenSSH 3.4p1, revision 9 contains fixes for this issue for the AIX Toolbox
for Linux. For more information about the AIX Toolbox for Linux or to download
OpenSSH 3.4p1 revision 9, please see:

http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html

Please note that AIX Toolbox for Linux is available "as-is" and is unwarranted.

Patched versions of OpenSSH for the Bonus Pack on AIX 5.1 and 5.2 are available
Please see:

http://oss.software.ibm.com/developerworks/projects/opensshi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)

iD8DBQE/caebcnMXzUg7txIRAgOJAJ0Y6J/hQbjj55RfRv3cEzBhuNbN6wCdGghw
JuV94jCMTXFz9xzJD3b5qo4=
=Uhli
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.