CVE-2010-0433

openssl: crash caused by a missing krb5_sname_to_principal() return value check

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

La funcion kssl_keytab_is_available en ssl/kssl.c en OpenSSL before v0.9.8n, cuando Kerberos esta activo pero los ficheros de configuracion de Kerberos no pueden ser abiertos, no comprueba adecuadamente cierto valor de retorno, lo que permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero nulo y caida de demonio) a traves de la negociacion del cifrado SSL, lo que se demuestra mediante la instalacion chroot de Dovecot o stunnel sin los ficheros de configuracion de Kerberos dentro de chroot.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-01-27 CVE Reserved
2010-03-05 CVE Published
2023-03-07 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (32)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc	X_refsource_confirm
http://cvs.openssl.org/chngview?cn=19374	X_refsource_confirm
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7	X_refsource_misc
http://secunia.com/advisories/39461	Third Party Advisory
http://secunia.com/advisories/39932	Third Party Advisory
http://secunia.com/advisories/42724	Third Party Advisory
http://secunia.com/advisories/42733	Third Party Advisory
http://secunia.com/advisories/43311	Third Party Advisory
http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html	Mailing List
http://www.openssl.org/news/changelog.html	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2010/03/03/5	Mailing List
http://www.securityfocus.com/archive/1/516397/100/0/threaded	Mailing List
http://www.vmware.com/security/advisories/VMSA-2011-0003.html	X_refsource_confirm
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2010/0839	Vdb Entry
http://www.vupen.com/english/advisories/2010/0916	Vdb Entry
http://www.vupen.com/english/advisories/2010/0933	Vdb Entry
http://www.vupen.com/english/advisories/2010/1216	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=567711	X_refsource_confirm
https://kb.bluecoat.com/index?page=content&id=SA50	X_refsource_confirm
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	Mailing List
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html	2023-02-13
http://marc.info/?l=bugtraq&m=127128920008563&w=2	2023-02-13
http://marc.info/?l=bugtraq&m=127557640302499&w=2	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=569774	2010-03-25
https://access.redhat.com/security/cve/CVE-2010-0433	2010-03-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				<= 0.9.8m Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8g Search vendor "Openssl" for product "Openssl" and version "0.9.8g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8h Search vendor "Openssl" for product "Openssl" and version "0.9.8h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8i Search vendor "Openssl" for product "Openssl" and version "0.9.8i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8j Search vendor "Openssl" for product "Openssl" and version "0.9.8j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8k Search vendor "Openssl" for product "Openssl" and version "0.9.8k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8l Search vendor "Openssl" for product "Openssl" and version "0.9.8l"		-		Affected