OpenSSL Kerberos Enabled SSLv3 Master Key Exchange Buffer Overflow Vulnerability

A patch has been made by Ben Laurie <>. It should be noted that this patch has not been thoroughly tested.

HP has made fixes available in the form of upgrade packages. Packages are available at, and are binary versions of Apache and respectively.

Sun has stated that the Crypto Accelerator 1000 board is vulnerable to this issue. A patch (112869-02) is available for download.

Sun has a new patch available for download. The patch, 113355-01, is for Crypto Accelerator 1000 1.1 board for Solaris 8 or 9.

Sun Crypto Accelerator 1000

OpenSSL Project OpenSSL 0.9.7 beta2

OpenSSL Project OpenSSL 0.9.7 beta1

HP Webproxy 1.0

HP Webproxy 2.0

Novell NetMail 3.10

Novell NetMail 3.10 b

Novell NetMail 3.10 c

Novell NetMail 3.10 a

Novell NetMail 3.10 d

HP VirtualVault 4.5

HP VirtualVault 4.6


Privacy Statement
Copyright 2010, SecurityFocus