IBM Information for VU#102795

OpenSSL servers contain a buffer overflow during the SSL2 handshake process



Vendor Statement

IBM's AIX operating system does not ship with OpenSSL; however, OpenSSL is
available for installation on AIX via the Linux Affinity Toolkit. The
version included on the Toolkit CD is vulnerable to the issues discussed
here as will as the version of OpenSSL available for downloading from the
IBM Linux Affinity website. Anyone running this version is advised to
upgrade to the new version available from the website. This will be
available within the next few days and can be downloaded from


This site contains Linux Affinity applications using cryptographic
algorithms. New users to this site are asked to register first.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.