National Cyber Awareness System

Vulnerability Summary for CVE-2010-0433

Overview

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MLIST

Name: [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released

Hyperlink:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

External Source: MLIST

Name: [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released

Hyperlink:https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

External Source: CONFIRM

Name: https://kb.bluecoat.com/index?page=content&id=SA50

Hyperlink:https://kb.bluecoat.com/index?page=content&id=SA50

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=569774

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=569774

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=567711

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=567711

External Source: VUPEN

Name: ADV-2010-1216

Hyperlink:http://www.vupen.com/english/advisories/2010/1216

External Source: VUPEN

Name: ADV-2010-0933

Hyperlink:http://www.vupen.com/english/advisories/2010/0933

External Source: VUPEN

Name: ADV-2010-0916

Hyperlink:http://www.vupen.com/english/advisories/2010/0916

External Source: VUPEN

Name: ADV-2010-0839

Hyperlink:http://www.vupen.com/english/advisories/2010/0839

External Source: CONFIRM

Name: http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Hyperlink:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2011-0003.html

External Source: BUGTRAQ

Name: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded

External Source: MLIST

Name: [oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433

Hyperlink:http://www.openwall.com/lists/oss-security/2010/03/03/5

External Source: CONFIRM

Name: http://www.openssl.org/news/changelog.html

Hyperlink:http://www.openssl.org/news/changelog.html

External Source: MANDRIVA

Name: MDVSA-2010:076

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:076

External Source: MLIST

Name: [dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan

Hyperlink:http://www.mail-archive.com/dovecot@dovecot.org/msg26224.html

External Source: SECUNIA

Name: 43311

Hyperlink:http://secunia.com/advisories/43311

External Source: SECUNIA

Name: 42733

Hyperlink:http://secunia.com/advisories/42733

External Source: SECUNIA

Name: 42724

Hyperlink:http://secunia.com/advisories/42724

External Source: SECUNIA

Name: 39932

Hyperlink:http://secunia.com/advisories/39932

External Source: SECUNIA

Name: 39461

Hyperlink:http://secunia.com/advisories/39461

External Source: OVAL

Name: oval:org.mitre.oval:def:9856

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9856

External Source: OVAL

Name: oval:org.mitre.oval:def:6718

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6718

External Source: OVAL

Name: oval:org.mitre.oval:def:12260

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12260

External Source: FEDORA

Name: FEDORA-2010-5357

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

External Source: FEDORA

Name: FEDORA-2010-5744

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

External Source: MISC

Name: http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7

Hyperlink:http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7

External Source: CONFIRM

Name: http://cvs.openssl.org/chngview?cn=19374

Hyperlink:http://cvs.openssl.org/chngview?cn=19374

External Source: CONFIRM

Name: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

Hyperlink:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

References to Check Content

Identifier:oval:org.mitre.oval:def:9856

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9856

Identifier:oval:org.mitre.oval:def:6718

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6718

Identifier:oval:org.mitre.oval:def:12260

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12260