The MITRE CVE dictionary describes this issue as:
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat security errata
|Platform|Errata|Release date|
|---|---|---|
|Red Hat Enterprise Linux version 3|RHSA-2004:120|March 17, 2004|
|Red Hat Linux 9 (openssl)|RHSA-2004:121|March 17, 2004|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.