The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Software | From | Fixed in |
---|---|---|
openssl / openssl | 0.9.8b | 0.9.8b.x |
openssl / openssl | 0.9.8c | 0.9.8c.x |
openssl / openssl | 0.9.8e | 0.9.8e.x |
openssl / openssl | - | 0.9.8m.x |
openssl / openssl | 0.9.8g | 0.9.8g.x |
openssl / openssl | 0.9.8k | 0.9.8k.x |
openssl / openssl | 0.9.8d | 0.9.8d.x |
openssl / openssl | 0.9.8j | 0.9.8j.x |
openssl / openssl | 0.9.8l | 0.9.8l.x |
openssl / openssl | 0.9.8a | 0.9.8a.x |
openssl / openssl | 0.9.8 | 0.9.8.x |
openssl / openssl | 0.9.8i | 0.9.8i.x |
openssl / openssl | 0.9.8f | 0.9.8f.x |
openssl / openssl | 0.9.8h | 0.9.8h.x |