IBM Information for VU#258555

OpenSSL clients contain a buffer overflow during the SSL3 handshake process

Status

Affected

Vendor Statement

IBM's AIX operating system does not ship with OpenSSL; however, OpenSSL is
available for installation on AIX via the Linux Affinity Toolkit. The
version included on the Toolkit CD is vulnerable to the issues discussed
here as will as the version of OpenSSL available for downloading from the
IBM Linux Affinity website. Anyone running this version is advised to
upgrade to the new version available from the website. This will be
available within the next few days and can be downloaded from

             http://www6.software.ibm.com/dl/aixtbx/aixtbx-p

This site contains Linux Affinity applications using cryptographic
algorithms. New users to this site are asked to register first.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.