Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2010-0433

Disclosure Date: March 05, 2010 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

openssl

Products

References

Canonical

CVE-2010-0433 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433)

Advisory

ADV-2010-0916 (http://www.vupen.com/english/advisories/2010/0916)

SECUNIA-42724 (http://secunia.com/advisories/42724)

SECUNIA-39461 (http://secunia.com/advisories/39461)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856

https://bugzilla.redhat.com/show_bug.cgi?id=569774

FEDORA-2010-5357 (http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html)

HPSBUX02531 (http://marc.info?l=bugtraq&m=127557640302499&w=2)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260

[oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433 (http://www.openwall.com/lists/oss-security/2010/03/03/5)

[dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan (http://www.mail-archive.com/dovecot@dovecot.org/msg26224.html)

[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released (https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html)

https://bugzilla.redhat.com/show_bug.cgi?id=567711

http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

ADV-2010-0839 (http://www.vupen.com/english/advisories/2010/0839)

http://cvs.openssl.org/chngview?cn=19374

http://www.mandriva.com/security/advisories?name=MDVSA-2010:076

HPSBUX02517 (http://marc.info?l=bugtraq&m=127128920008563&w=2)

[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released (https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html)

SECUNIA-39932 (http://secunia.com/advisories/39932)

http://www.openssl.org/news/changelog.html

ADV-2010-0933 (http://www.vupen.com/english/advisories/2010/0933)

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

https://kb.bluecoat.com/index?page=content&id=SA50

20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX (http://www.securityfocus.com/archive/1/516397/100/0/threaded)

SECUNIA-43311 (http://secunia.com/advisories/43311)

ADV-2010-1216 (http://www.vupen.com/english/advisories/2010/1216)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718

SECUNIA-42733 (http://secunia.com/advisories/42733)

FEDORA-2010-5744 (http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html)

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc

Miscellaneous

http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7

http://marc.info/?l=bugtraq&m=127557640302499&w=2

http://marc.info/?l=bugtraq&m=127128920008563&w=2

http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html

Rapid7

Technical Analysis