PT-2010-1086 · Openssl+2

Todd Rinaldo
Published: 2010-03-05
Updated: 2023-02-13
CVE: CVE-2010-0433
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
- OpenSSL versions prior to 0.9.8n
- OpenSSL versions prior to 1.0.0e

Description: The issue is in the kssl_keytab_is_available function in OpenSSL. When Kerberos is enabled but the Kerberos configuration files cannot be opened, the function does not check a certain return value. A remote attacker can trigger this during SSL cipher negotiation to cause a denial of service, potentially crashing the daemon. The vulnerability may also lead to disruptions in the confidentiality, integrity, and availability of protected information.

Recommendations: For versions prior to 0.9.8n, update to version 0.9.8n or later. For versions prior to 1.0.0e, update to version 1.0.0e or later. As a temporary workaround, consider disabling Kerberos support until a patch is available.

Tags: Exploit · Fix · DoS · RCE

Related Identifiers:
BDU:2015-09418
CVE-2010-0433
HPSBUX02517
HPSBUX02531
RHSA-2010:0162
RHSA-2010_0162

Affected Products:
Hp-Ux
Openssl
Red Hat