IBM Information for VU#102795
OpenSSL servers contain a buffer overflow during the SSL2 handshake process
- Vendor Information Help Date Notified: 29 Jul 2002
- Statement Date:
- Date Updated: 09 Aug 2002
IBM's AIX operating system does not ship with OpenSSL; however, OpenSSL is
available for installation on AIX via the Linux Affinity Toolkit. The
version included on the Toolkit CD is vulnerable to the issues discussed
here as will as the version of OpenSSL available for downloading from the
IBM Linux Affinity website. Anyone running this version is advised to
upgrade to the new version available from the website. This will be
available within the next few days and can be downloaded from
This site contains Linux Affinity applications using cryptographic
algorithms. New users to this site are asked to register first.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.