Public Date:

The MITRE CVE dictionary describes this issue as:

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Find out more about CVE-2004-0112 from the MITRE CVE dictionary dictionary and NIST NVD.


Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 3 RHSA-2004:120 2004-03-17
Red Hat Linux 9 (openssl) RHSA-2004:121 2004-03-17

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 3 openssl096b 0.9.6b-16 Fixed
Red Hat Enterprise Linux version 3 openssl 0.9.7a-33.4 Fixed