OpenSSL Kerberos Enabled SSLv3 Master Key Exchange Buffer Overflow Vulnerability

Solution:
A patch has been made by Ben Laurie <ben@algroup.co.uk>. It should be noted that this patch has not been thoroughly tested.

HP has made fixes available in the form of upgrade packages. Packages are available at http://www.software.hp.com/ISS_products_list.html, and are binary versions of Apache 1.3.26.05 and 2.0.39.05 respectively.

Sun has stated that the Crypto Accelerator 1000 board is vulnerable to this issue. A patch (112869-02) is available for download.

Sun has a new patch available for download. The patch, 113355-01, is for Crypto Accelerator 1000 1.1 board for Solaris 8 or 9.


Sun Crypto Accelerator 1000

OpenSSL Project OpenSSL 0.9.7 beta2

OpenSSL Project OpenSSL 0.9.7 beta1

HP Webproxy 1.0

HP Webproxy 2.0

Novell NetMail 3.10

Novell NetMail 3.10 b

Novell NetMail 3.10 c

Novell NetMail 3.10 a

Novell NetMail 3.10 d

HP VirtualVault 4.5

HP VirtualVault 4.6


 

Privacy Statement
Copyright 2010, SecurityFocus