Vulnerability Name: CVE-2010-0433 (CCN-56672) Assigned: 2010-01-19 Published: 2010-01-19 Updated: 2023-02-13 Summary: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:TF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:TF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
4.3 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P 3.3 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:TF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Consequences: Denial of Service References: Source: secalert@redhat.comsecalert@redhat.com CVE-2010-0433 OpenSSL secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com VMware ESX third party updates for Service Console secalert@redhat.com secalert@redhat.com Important: openssl security update OpenSSL Kerberos "kssk_keytab_is_available()" Denial of Service VooDoo cIRCle OpenSSL Multiple Vulnerabilities VMware ESX Server Service Console Multiple Vulnerabilities Blue Coat Reporter OpenSSL Multiple Vulnerabilities Blue Coat Reporter OpenSSL Multiple Vulnerabilities syslog-ng Multiple Vulnerabilities VMware vCenter Server OpenSSL Denial of Service Vulnerabilities In Win32/64 binary releases there are vulnerable OpenSSL DLL files In Win32 binary release of sub-project XTelnet there are vulnerable OpenSSL DLL files secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com OpenSSL Kerberos ssl/kssl.c kssk_keytab_is_available() Function NULL Dereference DoS secalert@redhat.com OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnerability secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com CVE-2010-0433 openssl: crash caused by a missing krb5_sname_to_principal() return value check secalert@redhat.com openssl-ksskkeytabisavailable-dos(56672) Multiple SSL/TLS vulnerabilities in Reporter secalert@redhat.com syslog-ng Premium Edition 3.0.6a has been released secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration CCN 1 :cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6i:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6k:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6a:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8a:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.1c:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.2b:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.3:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.3a:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.4:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.5:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.5a:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6b:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6c:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6d:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6e:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6f:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6g:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6h:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6j:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6l:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.6m:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7e:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7f:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7g:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7h:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7i:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7j:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7k:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7l:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8b:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8c:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8d:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8e:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8f:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8g:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8h:*:*:*:*:*:*:* OR cpe:/a:balabit:syslog-ng:2.0.9::premium:*:*:*:*:* OR cpe:/a:balabit:syslog-ng:2.0.6::premium:*:*:*:*:* OR cpe:/a:balabit:syslog-ng:2.0.5::premium:*:*:*:*:* OR cpe:/a:balabit:syslog-ng:2.0.4::premium:*:*:*:*:* OR cpe:/a:balabit:syslog-ng:2.0.3::premium:*:*:*:*:* OR cpe:/a:balabit:syslog-ng:2.0.2::premium:*:*:*:*:* OR cpe:/a:balabit:syslog-ng:2.0.1::premium:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8i:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8j:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8k:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.7m:*:*:*:*:*:*:* OR cpe:/a:openssl:openssl:0.9.8l:*:*:*:*:*:*:* AND cpe:/a:openssl:openssl:*:*:*:*:*:*:*:* OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:12260 V HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS) 2015-04-20 oval:org.mitre.oval:def:24792 V Vulnerability in OpenSSL before 0.9.8n, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) 2014-08-18 oval:org.mitre.oval:def:23054 P ELSA-2010:0162: openssl security update (Important) 2014-05-26 oval:org.mitre.oval:def:22196 P RHSA-2010:0162: openssl security update (Important) 2014-02-24 oval:org.mitre.oval:def:20886 V "Record of death" vulnerability 2014-01-20 oval:org.mitre.oval:def:6718 V VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. 2014-01-20 oval:org.mitre.oval:def:9856 V The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot. 2013-04-29 oval:com.redhat.rhsa:def:20100162 P RHSA-2010:0162: openssl security update (Important) 2010-03-25
BACK
openssl openssl 0.9.7a
openssl openssl 0.9.6i
openssl openssl 0.9.7
openssl openssl 0.9.6k
openssl openssl 0.9.6a
openssl openssl 0.9.7b
openssl openssl 0.9.7c
openssl openssl 0.9.8a
openssl openssl 0.9.1c
openssl openssl 0.9.2b
openssl openssl 0.9.3
openssl openssl 0.9.3a
openssl openssl 0.9.4
openssl openssl 0.9.5
openssl openssl 0.9.5 beta1
openssl openssl 0.9.5 beta2
openssl openssl 0.9.5a
openssl openssl 0.9.5a beta1
openssl openssl 0.9.5a beta2
openssl openssl 0.9.6
openssl openssl 0.9.6 beta1
openssl openssl 0.9.6 beta2
openssl openssl 0.9.6 beta3
openssl openssl 0.9.6a beta1
openssl openssl 0.9.6a beta2
openssl openssl 0.9.6a beta3
openssl openssl 0.9.6b
openssl openssl 0.9.6c
openssl openssl 0.9.6d
openssl openssl 0.9.6e
openssl openssl 0.9.6f
openssl openssl 0.9.6g
openssl openssl 0.9.6h
openssl openssl 0.9.6j
openssl openssl 0.9.6l
openssl openssl 0.9.6m
openssl openssl 0.9.7 beta1
openssl openssl 0.9.7 beta2
openssl openssl 0.9.7 beta3
openssl openssl 0.9.7 beta4
openssl openssl 0.9.7 beta5
openssl openssl 0.9.7 beta6
openssl openssl 0.9.7d
openssl openssl 0.9.7e
openssl openssl 0.9.7f
openssl openssl 0.9.7g
openssl openssl 0.9.7h
openssl openssl 0.9.7i
openssl openssl 0.9.7j
openssl openssl 0.9.7k
openssl openssl 0.9.7l
openssl openssl 0.9.8
openssl openssl 0.9.8b
openssl openssl 0.9.8c
openssl openssl 0.9.8d
openssl openssl 0.9.8e
openssl openssl 0.9.8f
openssl openssl 0.9.8g
openssl openssl 0.9.8h
balabit syslog-ng 2.0.9
balabit syslog-ng 2.0.6
balabit syslog-ng 2.0.5
balabit syslog-ng 2.0.4
balabit syslog-ng 2.0.3
balabit syslog-ng 2.0.2
balabit syslog-ng 2.0.1
openssl openssl 0.9.8i
openssl openssl 0.9.8j
openssl openssl 0.9.8k
openssl openssl 0.9.7m
openssl openssl 0.9.8l
openssl openssl *
mandrakesoft mandrake multi network firewall 2.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
redhat enterprise linux 5
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
redhat enterprise linux 5
mandrakesoft mandrake linux 2008.0
mandriva linux 2009.0
mandriva linux 2009.0 -
mandriva linux 2009.1
mandriva linux 2009.1
mandriva enterprise server 5
mandriva enterprise server 5
mandriva linux 2010
mandriva linux 2010
Denotes that component is vulnerable