A flaw exists in the SSL/TLS handshaking code when Kerberos ciphersuites are used. A remote attacker could perform a carefully crafted SSL/TLS handshake against a server configured to use Kerberos ciphersuites and cause OpenSSL to crash. Most applications have no ability to use Kerberos ciphersuites and are therefore unaffected. Reported by OpenSSL group (Stephen Henson).
- Fixed in OpenSSL 0.9.7d (Affected 0.9.7a-0.9.7c)
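
A triage check for the two conditions above (release in the affected range, Kerberos ciphersuites available), written as an added example and not part of the original advisory or of OpenSSL. The function names and result labels are hypothetical, the sample inputs are constructed, and it assumes Kerberos suites can be recognised by `KRB5` in their names as printed by `openssl ciphers`.

```shell
#!/bin/sh
# Added example: classify exposure from two strings, the output of
# `openssl version` and of `openssl ciphers`. All names here are hypothetical.

# Succeeds when the release is in the range the advisory lists (0.9.7a-0.9.7c).
version_in_affected_range() {
    # $1 looks like "OpenSSL 0.9.7b <build date>"; field 2 is the release.
    set -- $1
    case "$2" in
        0.9.7a|0.9.7b|0.9.7c) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints, one per line, the Kerberos suites in a colon-separated cipher list.
# Assumption: Kerberos suites carry "KRB5" in their name.
krb5_suites() {
    printf '%s\n' "$1" | tr ':' '\n' | grep 'KRB5' || true
}

# Prints one of: not-affected-version, affected-version-no-kerberos-suites, exposed.
krb5_exposure() {
    suites=$(krb5_suites "$2")
    if ! version_in_affected_range "$1"; then
        echo "not-affected-version"
    elif [ -z "$suites" ]; then
        echo "affected-version-no-kerberos-suites"
    else
        echo "exposed"
    fi
}

# Constructed sample inputs (not captured from a real host).
krb5_exposure "OpenSSL 0.9.7b (constructed)" \
    "DHE-RSA-AES256-SHA:KRB5-DES-CBC3-SHA:KRB5-RC4-SHA"

# On a live host:
#   krb5_exposure "$(openssl version)" "$(openssl ciphers)"
```

The cipher list printed by the `openssl` binary reflects what the library build offers; a server application may restrict it further through its own cipher configuration, so an "exposed" result means the server's configured cipher string should be checked next.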