Revision Date: | 2013-04-29
Version: | 11
Title: | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Description: | The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
Family: | unix
Class: | vulnerability
Status: | ACCEPTED
Reference(s): | CVE-2004-0112
Platform(s): | CentOS Linux 3, Red Hat Enterprise Linux 3
Product(s): |

Definition Synopsis

RHEL3 or CentOS3
    The operating system installed on the system is Red Hat Enterprise Linux 3
    OR CentOS Linux 3.x
AND Configuration section
    openssl-perl is earlier than 0:0.9.7a-33.4
    OR openssl-devel is earlier than 0:0.9.7a-33.4
    OR openssl is earlier than 0:0.9.7a-33.4
    OR openssl096b is earlier than 0:0.9.6b-16