CVE - CVE-2010-0433

CVE-ID
CVE-2010-0433	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded MISC:39461 URL:http://secunia.com/advisories/39461 MISC:39932 URL:http://secunia.com/advisories/39932 MISC:42724 URL:http://secunia.com/advisories/42724 MISC:42733 URL:http://secunia.com/advisories/42733 MISC:43311 URL:http://secunia.com/advisories/43311 MISC:ADV-2010-0839 URL:~~http://www.vupen.com/english/advisories/2010/0839~~ (Obsolete source) MISC:ADV-2010-0916 URL:~~http://www.vupen.com/english/advisories/2010/0916~~ (Obsolete source) MISC:ADV-2010-0933 URL:~~http://www.vupen.com/english/advisories/2010/0933~~ (Obsolete source) MISC:ADV-2010-1216 URL:~~http://www.vupen.com/english/advisories/2010/1216~~ (Obsolete source) MISC:FEDORA-2010-5357 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html MISC:FEDORA-2010-5744 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html MISC:HPSBUX02517 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 MISC:HPSBUX02531 URL:http://marc.info/?l=bugtraq&m=127557640302499&w=2 MISC:MDVSA-2010:076 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:076~~ (Obsolete source) MISC:SSRT100058 URL:http://marc.info/?l=bugtraq&m=127128920008563&w=2 MISC:SSRT100108 URL:http://marc.info/?l=bugtraq&m=127557640302499&w=2 MISC:[dovecot] 20100219 segfault - (imap\|pop3)-login during nessus scan URL:http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html MISC:[oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433 URL:http://www.openwall.com/lists/oss-security/2010/03/03/5 MISC:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html MISC:[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released URL:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html MISC:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc URL:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc MISC:http://cvs.openssl.org/chngview?cn=19374 URL:http://cvs.openssl.org/chngview?cn=19374 MISC:http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7 URL:http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7 MISC:http://www.openssl.org/news/changelog.html URL:http://www.openssl.org/news/changelog.html MISC:http://www.vmware.com/security/advisories/VMSA-2011-0003.html URL:http://www.vmware.com/security/advisories/VMSA-2011-0003.html MISC:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html URL:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=567711 URL:https://bugzilla.redhat.com/show_bug.cgi?id=567711 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=569774 URL:https://bugzilla.redhat.com/show_bug.cgi?id=569774 MISC:https://kb.bluecoat.com/index?page=content&id=SA50 URL:https://kb.bluecoat.com/index?page=content&id=SA50 MISC:oval:org.mitre.oval:def:12260 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260 MISC:oval:org.mitre.oval:def:6718 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718 MISC:oval:org.mitre.oval:def:9856 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856
Assigning CNA
Red Hat, Inc.
Date Record Created
20100127	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100127)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)