Description
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Remediation
References