Back to search
CVE-2010-0433
Published: Mar 5, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2010-0916
vdb-entry
x_refsource_VUPEN
42724
third-party-advisory
x_refsource_SECUNIA
39461
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:9856
vdb-entry
signature
x_refsource_OVAL
https://bugzilla.redhat.com/show_bug.cgi?id=569774
x_refsource_CONFIRM
FEDORA-2010-5357
vendor-advisory
x_refsource_FEDORA
HPSBUX02531
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:12260
vdb-entry
signature
x_refsource_OVAL
[oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433
mailing-list
x_refsource_MLIST
[dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan
mailing-list
x_refsource_MLIST
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=567711
x_refsource_CONFIRM
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
x_refsource_CONFIRM
ADV-2010-0839
vdb-entry
x_refsource_VUPEN
http://cvs.openssl.org/chngview?cn=19374
x_refsource_CONFIRM
SSRT100108
vendor-advisory
x_refsource_HP
MDVSA-2010:076
vendor-advisory
x_refsource_MANDRIVA
HPSBUX02517
vendor-advisory
x_refsource_HP
[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released
mailing-list
x_refsource_MLIST
39932
third-party-advisory
x_refsource_SECUNIA
http://www.openssl.org/news/changelog.html
x_refsource_CONFIRM
ADV-2010-0933
vdb-entry
x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
x_refsource_CONFIRM
SSRT100058
vendor-advisory
x_refsource_HP
https://kb.bluecoat.com/index?page=content&id=SA50
x_refsource_CONFIRM
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
mailing-list
x_refsource_BUGTRAQ
43311
third-party-advisory
x_refsource_SECUNIA
ADV-2010-1216
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:6718
vdb-entry
signature
x_refsource_OVAL
42733
third-party-advisory
x_refsource_SECUNIA
FEDORA-2010-5744
vendor-advisory
x_refsource_FEDORA
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now