Computer Security


OpenSSL DoS conditions
Published: 22.04.2010
Source:
SecurityVulns ID: 10780
Type: library
Threat Level: 6/10
Description: DoS conditions in ssl3_get_record and kssl_keytab_is_available functions.
Affected: OPENSSL : OpenSSL 0.9
CVE: CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.)
CVE: CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.)
Original document: UBUNTU, [ MDVSA-2010:076-1 ] openssl (22.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod