CVE-2010-0433

Published: 05/03/2010 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL prior to 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Vulnerable Product

openssl openssl 0.9.8b

openssl openssl 0.9.8c

openssl openssl 0.9.8e

openssl openssl

openssl openssl 0.9.8g

openssl openssl 0.9.8k

openssl openssl 0.9.8d

openssl openssl 0.9.8j

openssl openssl 0.9.8l

openssl openssl 0.9.8a

openssl openssl 0.9.8

openssl openssl 0.9.8i

openssl openssl 0.9.8f

openssl openssl 0.9.8h

Vendor Advisories

Synopsis: Important: openssl security update. Type/Severity: Security Advisory: Important. Topic: Updated openssl packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerabi ...
Debian Bug report logs - #614668 CVE-2010-0433: Buffer overflow Package: evince; Maintainer for evince is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for evince is src:evince (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Tue, 22 Feb 2011 22:03:01 UTC ...

References

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=569774

http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7

http://www.openwall.com/lists/oss-security/2010/03/03/5

http://cvs.openssl.org/chngview?cn=19374

http://www.openssl.org/news/changelog.html

https://bugzilla.redhat.com/show_bug.cgi?id=567711

http://www.vupen.com/english/advisories/2010/0839

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html

http://www.vupen.com/english/advisories/2010/0933

http://www.mandriva.com/security/advisories?name=MDVSA-2010:076

http://secunia.com/advisories/39461

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html

http://www.vupen.com/english/advisories/2010/0916

http://www.vupen.com/english/advisories/2010/1216

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

http://secunia.com/advisories/39932

https://kb.bluecoat.com/index?page=content&id=SA50

http://secunia.com/advisories/42733

http://secunia.com/advisories/42724

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html

https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html

http://secunia.com/advisories/43311

http://marc.info/?l=bugtraq&m=127128920008563&w=2

http://marc.info/?l=bugtraq&m=127557640302499&w=2

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html

https://access.redhat.com/errata/RHSA-2010:0162

https://nvd.nist.gov