what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2010-0433

Status Candidate

Overview

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.

Related Files

VMware Security Advisory 2010-0015
Posted Sep 30, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory 2010-0015 - ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo OpenSSL, GnuTLS, NSS and NSPR packages.

tags | advisory
advisories | CVE-2009-2409, CVE-2009-3245, CVE-2009-3555, CVE-2009-3767, CVE-2010-0433, CVE-2010-0734, CVE-2010-0826, CVE-2010-1646
SHA-256 | fdad8c6c91e0eabfe81a21d19d5f5d5ed52fdc1c4de978eea683eae1e3131b79
HP Security Bulletin HPSBUX02531 SSRT100108
Posted Jun 4, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2009-3094, CVE-2009-3095, CVE-2010-0408, CVE-2010-0740, CVE-2010-0433, CVE-2010-0434
SHA-256 | e61c4c47ea35e2d55864412f5203f99d8a7b3341bdcde1891b49d16f6e840b6b
Mandriva Linux Security Advisory 2010-076
Posted Apr 20, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. Packages for 2009.0 are provided due to the Extended Maintenance Program.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3555, CVE-2009-3245, CVE-2010-0740, CVE-2010-0433
SHA-256 | 11172d56889cc352548682b796e598baf6508870d7731f05c4647b445fbd3c72
Mandriva Linux Security Advisory 2010-076
Posted Apr 19, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-076 - The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection. OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls which has unspecified impact and context-dependent attack vectors. The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash). Finally, this update provides support for secure renegotiation, preventing men-in-the-middle attacks. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2009-3555, CVE-2009-3245, CVE-2010-0740, CVE-2010-0433
SHA-256 | 1b59ceccf86720022917393ba8d2460f6083ecf14b3020ddf7d6270d3d69d8ef
HP Security Bulletin HPSBUX02517 SSRT100058
Posted Apr 15, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities has been identified with HP-UX OpenSSL. These vulnerabilities could be exploited remotely for unauthorized information disclosure, unauthorized data modification, and to create a Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, info disclosure
systems | hpux
advisories | CVE-2009-3245, CVE-2009-3555, CVE-2009-4355, CVE-2010-0433, CVE-2010-0740
SHA-256 | c857682698953533dc63f2a6dcb131ef084d3854fb472410abd958573610c961
OpenSSL Toolkit 1.0.0
Posted Mar 31, 2010
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Connection renegotiation was vastly improved to overcome protocol weaknesses. A recently introduced "Record of death" vulnerability was resolved. A possible crash, reported as CVE-2010-0433, was fixed. Some memory leaks were resolved. Initial TLSv1.1 support was added. Handling of TLS versions 2.0 and later was improved, and the highest version is now selected. Support for MD2 has been deprecated. Support for companion-algorithm specific ASN1 signing routines was added. Signature dumping was improved. Many other improvements and minor bugfixes were made.
tags | encryption, protocol
advisories | CVE-2010-0433
SHA-256 | 1bbf9afc5a6215121ac094147d0a84178294fe4c3d0a231731038fd3717ba7ca
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close