CVE-2010-0433

openssl: crash caused by a missing krb5_sname_to_principal() return value check

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

La funcion kssl_keytab_is_available en ssl/kssl.c en OpenSSL before v0.9.8n, cuando Kerberos esta activo pero los ficheros de configuracion de Kerberos no pueden ser abiertos, no comprueba adecuadamente cierto valor de retorno, lo que permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero nulo y caida de demonio) a traves de la negociacion del cifrado SSL, lo que se demuestra mediante la instalacion chroot de Dovecot o stunnel sin los ficheros de configuracion de Kerberos dentro de chroot.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-01-27 CVE Reserved
2010-03-05 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (32)

URL	Tag	Source
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc	X_refsource_confirm
http://cvs.openssl.org/chngview?cn=19374	X_refsource_confirm
http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7	X_refsource_misc
http://secunia.com/advisories/39461	Third Party Advisory
http://secunia.com/advisories/39932	Third Party Advisory
http://secunia.com/advisories/42724	Third Party Advisory
http://secunia.com/advisories/42733	Third Party Advisory
http://secunia.com/advisories/43311	Third Party Advisory
http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html	Mailing List
http://www.openssl.org/news/changelog.html	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2010/03/03/5	Mailing List
http://www.securityfocus.com/archive/1/516397/100/0/threaded	Mailing List
http://www.vmware.com/security/advisories/VMSA-2011-0003.html	X_refsource_confirm
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2010/0839	Vdb Entry
http://www.vupen.com/english/advisories/2010/0916	Vdb Entry
http://www.vupen.com/english/advisories/2010/0933	Vdb Entry
http://www.vupen.com/english/advisories/2010/1216	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=567711	X_refsource_confirm
https://kb.bluecoat.com/index?page=content&id=SA50	X_refsource_confirm
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	Mailing List
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html	2023-02-13
http://marc.info/?l=bugtraq&m=127128920008563&w=2	2023-02-13
http://marc.info/?l=bugtraq&m=127557640302499&w=2	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2010:076	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=569774	2010-03-25
https://access.redhat.com/security/cve/CVE-2010-0433	2010-03-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				<= 0.9.8m Search vendor "Openssl" for product "Openssl" and version " <= 0.9.8m"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8g Search vendor "Openssl" for product "Openssl" and version "0.9.8g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8h Search vendor "Openssl" for product "Openssl" and version "0.9.8h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8i Search vendor "Openssl" for product "Openssl" and version "0.9.8i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8j Search vendor "Openssl" for product "Openssl" and version "0.9.8j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8k Search vendor "Openssl" for product "Openssl" and version "0.9.8k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8l Search vendor "Openssl" for product "Openssl" and version "0.9.8l"		-		Affected