Информационная безопасность
[RU] switch to English


DoS условия в OpenSSL
Опубликовано:22 апреля 2010 г.
Источник:
SecurityVulns ID:10780
Тип:библиотека
Уровень опасности:
6/10
Описание:DoS-условия в функциях ssl3_get_record, kssl_keytab_is_available.
Затронутые продукты:OPENSSL : OpenSSL 0.9
CVE:CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.)
 CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.)
Оригинальный текстdocumentUBUNTU, [ MDVSA-2010:076-1 ] openssl (22.04.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород