IBM Information for VU#459371

Multiple IPsec implementations do not adequately validate authentication data



Vendor Statement

The AIX operating system is vulnerable to the IPSec issues in releases 4.3.3, 5.1.0 and 5.2.0. Temporary patches are available through an efix package. The efix is available at the following URL:

The following APARs will be available in the near future:
    AIX 4.3.3 APAR IY37800 (available approx 1/29/03)
    AIX 5.1.0 APAR IY37069 (available approx 12/18/02)
    AIX 5.2.0 APAR IY37182 (available approx 4/28/03)

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Vendor References



    The CERT/CC has no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.