4.3
CVE-2010-0433
- EPSS 7.86%
- Veröffentlicht 05.03.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:09
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.86% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
https://kb.bluecoat.com/index?page=content&id=SA50
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
http://marc.info/?l=bugtraq&m=127557640302499&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://secunia.com/advisories/39461
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
http://www.vupen.com/english/advisories/2010/0916
http://www.vupen.com/english/advisories/2010/0933
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
http://www.vupen.com/english/advisories/2010/0839
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://secunia.com/advisories/39932
http://www.vupen.com/english/advisories/2010/1216
http://cvs.openssl.org/chngview?cn=19374
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7
http://secunia.com/advisories/43311
http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html
http://www.openssl.org/news/changelog.html
http://www.openwall.com/lists/oss-security/2010/03/03/5
https://bugzilla.redhat.com/show_bug.cgi?id=567711
https://bugzilla.redhat.com/show_bug.cgi?id=569774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856