ID de Prueba:	1.3.6.1.4.1.25623.1.0.800490
Categoría:	Denial of Service
Título:	OpenSSL 'kssl_keytab_is_available()' DoS Vulnerability - Windows
Resumen:	OpenSSL is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: OpenSSL is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to error in 'kssl_keytab_is_available()' function in 'ssl/kssl.c' which does not check a certain return value when Kerberos is enabled. This allows NULL pointer dereference and daemon crash via SSL cipher negotiation. Vulnerability Impact: Successful exploitation will allow an attacker to cause DoS conditions. Affected Software/OS: OpenSSL version prior to 0.9.8n. Solution: Update to version 0.9.8n or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0433 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 39461 http://secunia.com/advisories/39461 39932 http://secunia.com/advisories/39932 42724 http://secunia.com/advisories/42724 42733 http://secunia.com/advisories/42733 43311 http://secunia.com/advisories/43311 ADV-2010-0839 http://www.vupen.com/english/advisories/2010/0839 ADV-2010-0916 http://www.vupen.com/english/advisories/2010/0916 ADV-2010-0933 http://www.vupen.com/english/advisories/2010/0933 ADV-2010-1216 http://www.vupen.com/english/advisories/2010/1216 FEDORA-2010-5357 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html FEDORA-2010-5744 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038587.html HPSBUX02517 http://marc.info/?l=bugtraq&m=127128920008563&w=2 HPSBUX02531 http://marc.info/?l=bugtraq&m=127557640302499&w=2 MDVSA-2010:076 http://www.mandriva.com/security/advisories?name=MDVSA-2010:076 SSRT100058 SSRT100108 [dovecot] 20100219 segfault - (imap|pop3)-login during nessus scan http://www.mail-archive.com/dovecot%40dovecot.org/msg26224.html [oss-security] 20100303 OpenSSL (with KRB5) remote crash - CVE-2010-0433 http://www.openwall.com/lists/oss-security/2010/03/03/5 [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html [syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc http://cvs.openssl.org/chngview?cn=19374 http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/c3e1ab0034ca4b4c/66aa896c3a78b2f7 http://www.openssl.org/news/changelog.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html https://bugzilla.redhat.com/show_bug.cgi?id=567711 https://bugzilla.redhat.com/show_bug.cgi?id=569774 https://kb.bluecoat.com/index?page=content&id=SA50 oval:org.mitre.oval:def:12260 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12260 oval:org.mitre.oval:def:6718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6718 oval:org.mitre.oval:def:9856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9856
Copyright	Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.