Executive Summary

Informations
Name CVE-2010-0433 First vendor Publication 2010-03-05
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12260
 
Oval ID: oval:org.mitre.oval:def:12260
Title: HP-UX Running OpenSSL, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)
Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0433
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20886
 
Oval ID: oval:org.mitre.oval:def:20886
Title: "Record of death" vulnerability
Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0433
Version: 4
Platform(s): IBM AIX 6.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22196
 
Oval ID: oval:org.mitre.oval:def:22196
Title: RHSA-2010:0162: openssl security update (Important)
Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Family: unix Class: patch
Reference(s): RHSA-2010:0162-01
CESA-2010:0162
CVE-2009-3245
CVE-2009-3555
CVE-2010-0433
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23054
 
Oval ID: oval:org.mitre.oval:def:23054
Title: ELSA-2010:0162: openssl security update (Important)
Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Family: unix Class: patch
Reference(s): ELSA-2010:0162-01
CVE-2009-3245
CVE-2009-3555
CVE-2010-0433
Version: 17
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24792
 
Oval ID: oval:org.mitre.oval:def:24792
Title: Vulnerability in OpenSSL before 0.9.8n, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0433
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6718
 
Oval ID: oval:org.mitre.oval:def:6718
Title: VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR.
Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0433
Version: 5
Platform(s): VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9856
 
Oval ID: oval:org.mitre.oval:def:9856
Title: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0433
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 257

OpenVAS Exploits

Date Description
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-01 (openssl)
File : nvt/glsa_201110_01.nasl
2011-08-09 Name : CentOS Update for openssl CESA-2010:0162 centos5 i386
File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl
2011-08-09 Name : CentOS Update for httpd CESA-2010:0168 centos5 i386
File : nvt/gb_CESA-2010_0168_httpd_centos5_i386.nasl
2010-06-25 Name : Fedora Update for openssl FEDORA-2010-9421
File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl
2010-06-07 Name : HP-UX Update for Apache-based Web Server HPSBUX02531
File : nvt/gb_hp_ux_HPSBUX02531.nasl
2010-05-28 Name : Fedora Update for openssl FEDORA-2010-8742
File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl
2010-04-30 Name : HP-UX Update for OpenSSL HPSBUX02517
File : nvt/gb_hp_ux_HPSBUX02517.nasl
2010-04-29 Name : Mandriva Update for openssl MDVSA-2010:076-1 (openssl)
File : nvt/gb_mandriva_MDVSA_2010_076_1.nasl
2010-04-20 Name : OpenSSL 'dtls1_retrieve_buffered_fragment()' Remote Denial of Service Vulnera...
File : nvt/gb_openssl_38533.nasl
2010-04-19 Name : Fedora Update for openssl FEDORA-2010-5357
File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl
2010-04-19 Name : Mandriva Update for openssl MDVSA-2010:076 (openssl)
File : nvt/gb_mandriva_MDVSA_2010_076.nasl
2010-03-31 Name : RedHat Update for openssl RHSA-2010:0162-01
File : nvt/gb_RHSA-2010_0162-01_openssl.nasl
2010-03-31 Name : RedHat Update for httpd RHSA-2010:0168-01
File : nvt/gb_RHSA-2010_0168-01_httpd.nasl
2010-03-10 Name : OpenSSL 'kssl_keytab_is_available()' Denial Of Service Vulnerability (Win)
File : nvt/gb_openssl_sslkss_dos_vuln_win.nasl
2010-03-02 Name : Mandriva Update for rsh MDVA-2010:076 (rsh)
File : nvt/gb_mandriva_MDVA_2010_076.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-090-01 openssl
File : nvt/esoft_slk_ssa_2010_090_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62719 OpenSSL Kerberos ssl/kssl.c kssk_keytab_is_available() Function NULL Derefere...

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote AIX host is running a vulnerable version of OpenSSL.
File : aix_openssl_advisory.nasl - Type : ACT_GATHER_INFO
2013-07-15 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2010-0015.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0162.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0168.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100325_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-01-04 Name : The remote SSL layer is affected by a denial of service vulnerability.
File : openssl_0_9_8p_1_0_0e.nasl - Type : ACT_GATHER_INFO
2011-10-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201110-01.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2010-10-04 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-5744.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8742.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0168.nasl - Type : ACT_GATHER_INFO
2010-04-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-076.nasl - Type : ACT_GATHER_INFO
2010-04-02 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-090-01.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0168.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO
2010-03-26 Name : The remote web server has multiple SSL-related vulnerabilities.
File : openssl_0_9_8n.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/516397/100/0/threaded
CONFIRM http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
http://cvs.openssl.org/chngview?cn=19374
http://www.openssl.org/news/changelog.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html
https://bugzilla.redhat.com/show_bug.cgi?id=567711
https://bugzilla.redhat.com/show_bug.cgi?id=569774
https://kb.bluecoat.com/index?page=content&id=SA50
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html
HP http://marc.info/?l=bugtraq&m=127128920008563&w=2
http://marc.info/?l=bugtraq&m=127557640302499&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:076
MISC http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e...
http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html
MLIST http://www.openwall.com/lists/oss-security/2010/03/03/5
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html
https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECUNIA http://secunia.com/advisories/39461
http://secunia.com/advisories/39932
http://secunia.com/advisories/42724
http://secunia.com/advisories/42733
http://secunia.com/advisories/43311
VUPEN http://www.vupen.com/english/advisories/2010/0839
http://www.vupen.com/english/advisories/2010/0916
http://www.vupen.com/english/advisories/2010/0933
http://www.vupen.com/english/advisories/2010/1216

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Date Informations
2024-02-02 01:12:40
  • Multiple Updates
2024-02-01 12:03:29
  • Multiple Updates
2023-09-05 12:11:50
  • Multiple Updates
2023-09-05 01:03:20
  • Multiple Updates
2023-09-02 12:11:53
  • Multiple Updates
2023-09-02 01:03:22
  • Multiple Updates
2023-08-12 12:14:04
  • Multiple Updates
2023-08-12 01:03:21
  • Multiple Updates
2023-08-11 12:11:56
  • Multiple Updates
2023-08-11 01:03:30
  • Multiple Updates
2023-08-06 12:11:28
  • Multiple Updates
2023-08-06 01:03:24
  • Multiple Updates
2023-08-04 12:11:33
  • Multiple Updates
2023-08-04 01:03:25
  • Multiple Updates
2023-07-14 12:11:30
  • Multiple Updates
2023-07-14 01:03:23
  • Multiple Updates
2023-03-29 01:13:11
  • Multiple Updates
2023-03-28 12:03:29
  • Multiple Updates
2023-02-13 09:29:12
  • Multiple Updates
2022-10-11 12:10:15
  • Multiple Updates
2022-10-11 01:03:11
  • Multiple Updates
2021-05-04 12:11:06
  • Multiple Updates
2021-04-22 01:11:39
  • Multiple Updates
2020-05-23 01:41:38
  • Multiple Updates
2020-05-23 00:25:14
  • Multiple Updates
2018-10-11 00:19:47
  • Multiple Updates
2018-08-10 12:01:43
  • Multiple Updates
2017-09-19 09:23:38
  • Multiple Updates
2016-08-23 09:24:36
  • Multiple Updates
2016-06-28 18:01:16
  • Multiple Updates
2016-04-26 19:33:39
  • Multiple Updates
2016-03-09 13:25:54
  • Multiple Updates
2016-03-05 13:26:42
  • Multiple Updates
2014-11-27 13:27:40
  • Multiple Updates
2014-04-17 13:25:35
  • Multiple Updates
2014-02-17 10:53:42
  • Multiple Updates
2013-11-11 12:38:38
  • Multiple Updates
2013-05-10 23:17:33
  • Multiple Updates