[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110210

 
 

909

 
 

86021

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2010-0433Date: (C)2010-03-05   (M)2018-06-11


The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 4.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: NONE
Scope: Integrity: NONE
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded
SECUNIA-39461
SECUNIA-39932
SECUNIA-42724
SECUNIA-42733
SECUNIA-43311
ADV-2010-0839
ADV-2010-0916
ADV-2010-0933
ADV-2010-1216
FEDORA-2010-5357
FEDORA-2010-5744
IAVM:2011-A-0066
MDVSA-2010:076
SSRT100058
SSRT100108
http://www.mail-archive.com/dovecot@dovecot.org/msg26224.html
http://www.openwall.com/lists/oss-security/2010/03/03/5
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://cvs.openssl.org/chngview?cn=19374
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7
http://www.openssl.org/news/changelog.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
https://bugzilla.redhat.com/show_bug.cgi?id=567711
https://bugzilla.redhat.com/show_bug.cgi?id=569774
https://kb.bluecoat.com/index?page=content&id=SA50

CPE    14
cpe:/a:openssl:openssl:0.9.8
cpe:/a:openssl:openssl:0.9.8g
cpe:/a:openssl:openssl:0.9.8h
cpe:/a:openssl:openssl:0.9.8i
...
CWE    1
CWE-20
OVAL    11
oval:org.secpod.oval:def:841
oval:org.secpod.oval:def:100033
oval:org.secpod.oval:def:100122
oval:org.secpod.oval:def:103233
...

© SecPod Technologies