Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
This issue does not affect Red Hat Enterprise Linux 2.1 and 3.
This flaw was fixed in Red Hat Enterprise Linux 4 via errata RHSA-2005:527: