Summary
This host has OpenSSL installed and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation will allow an attacker to cause denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to version 0.9.8n or later.
For updates, refer to http://www.slproweb.com/products/Win32OpenSSL.html
Insight
The flaw is due to an error in the 'kssl_keytab_is_available()' function in 'ssl/kssl.c', which does not check a certain return value when Kerberos is enabled. This allows a NULL pointer dereference and a daemon crash via SSL cipher negotiation.
Affected
OpenSSL versions prior to 0.9.8n on Windows.
Classification
CVE: CVE-2010-0433
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P