DescriptionThe kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
Note from the SUSE Security TeamOur version of OpenSSL is not compiled against krb5, so we are not affected by this problem. SUSE Bugzilla entry: 585396 [RESOLVED / INVALID] No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVECVE page created: Fri Jun 28 03:36:18 2013
CVE page last modified: Fri Oct 7 12:45:52 2022