Red Hat Inc. Information for VU#561275
OpenSSL servers contain a remotely exploitable buffer overflow vulnerability during the SSL3 handshake process
- Vendor Information Help Date Notified: 29 Jul 2002
- Statement Date:
- Date Updated: 09 Aug 2002
Red Hat distributes affected versions of OpenSSL in all Red Hat Linux distributions as well as the Stronghold web server. Red Hat Linux errata packages that fix the above vulnerabilities (CAN-2002-0655 and CAN-2002-0656) are available from the URL below. Users of the Red Hat Network are able to update their systems using the 'up2date' tool. A future update will fix the potential remote DOS in the ASN.1 encoding (CAN-2002-0659).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.