• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenSSL Kerberos Enabled SSLv3 Master Key Exchange Buffer Overflow Vulnerability

Solution:
A patch has been made by Ben Laurie <ben@algroup.co.uk>. It should be noted that this patch has not been thoroughly tested.

HP has made fixes available in the form of upgrade packages. Packages are available at http://www.software.hp.com/ISS_products_list.html, and are binary versions of Apache 1.3.26.05 and 2.0.39.05 respectively.

Sun has stated that the Crypto Accelerator 1000 board is vulnerable to this issue. A patch (112869-02) is available for download.

Sun has a new patch available for download. The patch, 113355-01, is for Crypto Accelerator 1000 1.1 board for Solaris 8 or 9.


Sun Crypto Accelerator 1000

• Sun 112869-02
  Sun Crypto Accelerator 1000 1.0 (for Solaris 8)
  http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=112869&method= f


• Sun 113355-01
  Sun Crypto Accelerator 1000 1.1 (for Solaris 8 and 9)
  http://sunsolve.sun.com/pub-cgi/patchDownload.pl?target=113355&method= f

OpenSSL Project OpenSSL 0.9.7 beta2

• Ben Laurie openssl-0.9.7-sec.patch
  Submitted by Ben Laurie .
  http://downloads.securityfocus.com/vulnerabilities/patches/openssl-0.9 .7-sec.patch

OpenSSL Project OpenSSL 0.9.7 beta1

• Ben Laurie openssl-0.9.7-sec.patch
  Submitted by Ben Laurie .
  http://downloads.securityfocus.com/vulnerabilities/patches/openssl-0.9 .7-sec.patch

HP Webproxy 1.0

• HP PHSS_27655
  http://itrc.hp.com

HP Webproxy 2.0

• HP PHSS_27656
  http://itrc.hp.com

Novell NetMail 3.10

• Novell netmail310e.zip
  http://support.novell.com/servlet/filedownload/pub/netmail310e.zip

Novell NetMail 3.10 b

• Novell netmail310e.zip
  http://support.novell.com/servlet/filedownload/pub/netmail310e.zip

Novell NetMail 3.10 c

• Novell netmail310e.zip
  http://support.novell.com/servlet/filedownload/pub/netmail310e.zip

Novell NetMail 3.10 a

• Novell netmail310e.zip
  http://support.novell.com/servlet/filedownload/pub/netmail310e.zip

Novell NetMail 3.10 d

• Novell netmail310e.zip
  http://support.novell.com/servlet/filedownload/pub/netmail310e.zip

HP VirtualVault 4.5

• HP PHSS_27477
  http://itrc.hp.com


• HP PHSS_27627
  http://itrc.hp.com

HP VirtualVault 4.6

• HP PHSS_27263
  http://itrc.hp.com


• HP PHSS_27423
  http://itrc.hp.com


• HP PHSS_27476
  http://itrc.hp.com


• HP PHSS_27637
  http://itrc.hp.com