The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Published: 2010-03-05T19:30:00.547
Last Modified: 2025-04-11T00:51:21.963
Vulnerability Status: Deferred
CVSS v2 Base Score: 4.3 (MEDIUM)
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Exploitability Subscore: 8.6
Impact Subscore: 2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | ≤ 0.9.8m | Yes |
| Application | openssl | openssl | 0.9.8 | Yes |
| Application | openssl | openssl | 0.9.8a | Yes |
| Application | openssl | openssl | 0.9.8b | Yes |
| Application | openssl | openssl | 0.9.8c | Yes |
| Application | openssl | openssl | 0.9.8d | Yes |
| Application | openssl | openssl | 0.9.8e | Yes |
| Application | openssl | openssl | 0.9.8f | Yes |
| Application | openssl | openssl | 0.9.8g | Yes |
| Application | openssl | openssl | 0.9.8h | Yes |
| Application | openssl | openssl | 0.9.8i | Yes |
| Application | openssl | openssl | 0.9.8j | Yes |
| Application | openssl | openssl | 0.9.8k | Yes |
| Application | openssl | openssl | 0.9.8l | Yes |
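The description above names the bug class (an unchecked return value that leaves a pointer NULL) but not the call. The following is an added example, not code from OpenSSL or from the advisory: a self-contained model of kssl_keytab_is_available() with the libkrb5 calls replaced by stubs so it compiles without Kerberos headers. It assumes, and the page does not say, that the ignored return value is the service-principal lookup, which fails with no readable krb5.conf and leaves the principal NULL, and that the subsequent keytab lookup reads through that pointer. All names prefixed `model_` and the error codes are hypothetical.

```c
/*
 * Added example, not OpenSSL's code. Models the unchecked-return-value
 * pattern behind the NULL dereference in kssl_keytab_is_available().
 * Assumption (not stated on the page): the unchecked call is the
 * service-principal lookup; with no readable krb5.conf it fails and
 * leaves the principal NULL, and the keytab lookup then dereferences it.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_ERR_CONFIG_CANTOPEN 1   /* hypothetical error code */
#define MODEL_ERR_NOMEM           2   /* hypothetical error code */
#define MODEL_ERR_NO_ENTRY        3   /* hypothetical error code */

typedef struct { char realm[64]; char service[64]; } *model_principal;
typedef struct { int entry_found; } model_keytab_entry;

/* Process environment: is krb5.conf readable (e.g. inside a chroot)? */
static int g_krb5_conf_readable = 1;
void model_set_krb5_conf_readable(int readable) { g_krb5_conf_readable = readable; }

/* Stands in for krb5_sname_to_principal(): without a readable config there
 * is no default realm, so the call fails and *princ stays NULL. */
static int model_sname_to_principal(const char *service, model_principal *princ)
{
    *princ = NULL;
    if (!g_krb5_conf_readable)
        return MODEL_ERR_CONFIG_CANTOPEN;
    *princ = calloc(1, sizeof(**princ));
    if (*princ == NULL)
        return MODEL_ERR_NOMEM;
    strncpy((*princ)->realm, "EXAMPLE.ORG", sizeof((*princ)->realm) - 1);
    strncpy((*princ)->service, service, sizeof((*princ)->service) - 1);
    return 0;
}

/* Stands in for krb5_kt_get_entry(): like the real library it reads through
 * the principal it is handed, so a NULL principal is a crash, not an error.
 * Constructed keytab content: only the "host" service has a key. */
static int model_kt_get_entry(model_principal princ, model_keytab_entry *entry)
{
    entry->entry_found = (strcmp(princ->service, "host") == 0);  /* dereferences princ */
    return entry->entry_found ? 0 : MODEL_ERR_NO_ENTRY;
}

static void model_free_principal(model_principal princ) { free(princ); }

/* Vulnerable shape: the lookup's return value is discarded, so princ can be
 * NULL when it reaches model_kt_get_entry(). Calling this with the config
 * unreadable reproduces the crash; the tests only call it with config present. */
int keytab_is_available_vulnerable(const char *service)
{
    model_principal princ = NULL;
    model_keytab_entry entry;
    int rc = 0;

    model_sname_to_principal(service, &princ);       /* return value ignored */
    if (model_kt_get_entry(princ, &entry) == 0)      /* NULL deref if lookup failed */
        rc = 1;
    model_free_principal(princ);
    return rc;
}

/* Hardened shape: every call that can fail is checked, and failure means
 * "no usable keytab", so the KRB5 cipher suites are simply not selectable. */
int keytab_is_available_fixed(const char *service)
{
    model_principal princ = NULL;
    model_keytab_entry entry;
    int rc = 0;

    if (model_sname_to_principal(service, &princ) != 0 || princ == NULL)
        goto exit;
    if (model_kt_get_entry(princ, &entry) == 0)
        rc = 1;
exit:
    model_free_principal(princ);   /* free(NULL) is a no-op */
    return rc;
}

int main(void)
{
    model_set_krb5_conf_readable(0);   /* chroot without /etc/krb5.conf */
    printf("fixed, config missing:      available=%d\n", keytab_is_available_fixed("host"));
    model_set_krb5_conf_readable(1);
    printf("fixed, config present:      available=%d\n", keytab_is_available_fixed("host"));
    printf("vulnerable, config present: available=%d\n", keytab_is_available_vulnerable("host"));
    return 0;
}
```

The practical check is whether the build is exposed at all: Kerberos cipher suites were a compile-time option in 0.9.8 and were removed outright in OpenSSL 1.1.0, so `openssl ciphers 'KRB5'` listing no suites ("Error in cipher list") means the server cannot take this path regardless of chroot contents. Where they are present, the fix on the server side is either upgrading to 0.9.8n or later or making krb5.conf and the keytab reachable inside the chroot.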