4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.08 Low
EPSS
Percentile
94.2%
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before
0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be
opened, does not check a certain return value, which allows remote
attackers to cause a denial of service (NULL pointer dereference and daemon
crash) via SSL cipher negotiation, as demonstrated by a chroot installation
of Dovecot or stunnel without Kerberos configuration files inside the
chroot.
Author | Note |
---|---|
mdeslaur | Ubuntu doesnโt build openssl with kerberos support |