[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-0433

Date: (C)2010-03-05   (M)2017-09-22
 
CVSS Score: 4.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Reference:
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
SECUNIA-39461
SECUNIA-39932
SECUNIA-42724
SECUNIA-42733
SECUNIA-43311
ADV-2010-0839
ADV-2010-0916
ADV-2010-0933
ADV-2010-1216
FEDORA-2010-5357
FEDORA-2010-5744
IAVM:2011-A-0066
MDVSA-2010:076
SSRT100058
SSRT100108
http://www.mail-archive.com/dovecot@dovecot.org/msg26224.html
http://www.openwall.com/lists/oss-security/2010/03/03/5
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://cvs.openssl.org/chngview?cn=19374
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7
http://www.openssl.org/news/changelog.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
https://bugzilla.redhat.com/show_bug.cgi?id=567711
https://bugzilla.redhat.com/show_bug.cgi?id=569774
https://kb.bluecoat.com/index?page=content&id=SA50

CPE    14
cpe:/a:openssl:openssl:0.9.8
cpe:/a:openssl:openssl:0.9.8g
cpe:/a:openssl:openssl:0.9.8h
cpe:/a:openssl:openssl:0.9.8i
...
CWE    1
CWE-20
OVAL    11
oval:org.secpod.oval:def:500412
oval:org.secpod.oval:def:841
oval:org.secpod.oval:def:100122
oval:org.secpod.oval:def:201721
...

© 2013 SecPod Technologies