Description

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Remediation

References

CVE-2010-0433

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2151)

WordPress Plugin Book appointment online Cross-Site Scripting (1.38)

WordPress Plugin WordPress Popups for Marketing and Email Newsletters, Lead Generation and Conversions by OptinMonster Security Bypass (1.1.4.5)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.1.22)

WordPress Plugin DW Question & Answer Cross-Site Request Forgery (1.5.7)

Severity

Medium

Classification

CVE-2010-0433 CWE-20

Tags

Missing Update Known Vulnerabilities