Lucene search

K

[email protected]CVE-2010-0433

HistoryMar 05, 2010 - 7:30 p.m.

CVE-2010-0433

2010-03-0519:30:00

CWE-20

[email protected]

web.nvd.nist.gov

51

openssl

vulnerability

kssl_keytab_is_available

denial of service

null pointer dereference

daemon crash

ssl

cipher negotiation

nvd

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.08 Low

EPSS

Percentile

94.2%

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

CPENameOperatorVersion
openssl:opensslopenssleq0.9.8b
openssl:opensslopenssleq0.9.8c
openssl:opensslopenssleq0.9.8e
openssl:opensslopensslle0.9.8m
openssl:opensslopenssleq0.9.8g
openssl:opensslopenssleq0.9.8k
openssl:opensslopenssleq0.9.8d
openssl:opensslopenssleq0.9.8j
openssl:opensslopenssleq0.9.8l
openssl:opensslopenssleq0.9.8a

Rows per page:

1-10 of 141

References

aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

cvs.openssl.org/chngview?cn=19374

groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7

lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

marc.info/?l=bugtraq&m=127128920008563&w=2

marc.info/?l=bugtraq&m=127557640302499&w=2

secunia.com/advisories/39461

secunia.com/advisories/39932

secunia.com/advisories/42724

secunia.com/advisories/42733

secunia.com/advisories/43311

www.mail-archive.com/dovecot%40dovecot.org/msg26224.html

www.mandriva.com/security/advisories?name=MDVSA-2010:076

www.openssl.org/news/changelog.html

www.openwall.com/lists/oss-security/2010/03/03/5

www.securityfocus.com/archive/1/516397/100/0/threaded

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/0839

www.vupen.com/english/advisories/2010/0916

www.vupen.com/english/advisories/2010/0933

www.vupen.com/english/advisories/2010/1216

bugzilla.redhat.com/show_bug.cgi?id=567711

bugzilla.redhat.com/show_bug.cgi?id=569774

kb.bluecoat.com/index?page=content&id=SA50

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.08 Low

EPSS

Percentile

94.2%

Related for CVE-2010-0433

veracode1 openssl1 ubuntucve1 f52 openvas31 prion1 debiancve1 altlinux4 nessus22 securityvulns2 slackware1 redhat2 oraclelinux1 centos1 fedora4 vmware2 gentoo1 lenovo2