Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability bulletin CVE-2010-0433

OpenSSL: denial of service via Kerberos

Synthesis of the vulnerability

When OpenSSL supports the Kerberos key exchange, and when the server application is in a chroot jail, an attacker can send a special ClientHello message, in order to stop the application.
Severity: 2/4.
Creation date: 04/03/2010.

Description of the vulnerability

A CipherSuite is a threefold :
 - algorithm to exchange keys (RSA, DH, DHE, EllipCurveDH, Kerberos(RFC 2712))
 - algorithm to encrypt data (RC4, 3DES, AES, IDEA, DES)
 - algorithm to hash data, used for signature (HMAC-MD5, HMAC-SHA)

The SSL/TLS protocol uses the ClientHello message to indicate to the server the list of supported CipherSuites.

When OpenSSL supports the Kerberos key exchange, and when the server application is in a chroot jail, an attacker can send a ClientHello message, containing a CipherSuite TLS_KRB5_WITH_xyz. In this case, the Kerberos krb5_sname_to_principal() function returns a NULL pointer, which is dereferenced by OpenSSL kssl_keytab_is_available().

An attacker can therefore stop the TLS/SSL server.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: OpenSSL: denial of service via Kerberos.
Keywords: 2712 3DES AES CipherSuite CipherSuites ClientHello DES DHE EllipCurveDH HMAC-MD5 HMAC-SHA IDEA Kerberos NULL OpenSSL RC4 RFC RSA SSL TLS TLS_KRB5_WITH_xyz denial krb5_sname_to_principal kssl_keytab_is_available service.
Identifiers: 567711, 569774, BID-38533, c02079216, c02160663, CVE-2010-0433, FEDORA-2010-5357, FEDORA-2010-8742, HPSBUX02517, HPSBUX02531, MDVSA-2010:076, MDVSA-2010:076-1, RHSA-2010:0162-01, SSA:2010-090-01, SSRT100058, SSRT100108, VIGILANCE-VUL-9493.

Information sources

Publications and announces
Source example: Bug 567711 : Nessus PCI scan segfaults openssl dependent products due to kerberos enabled in openssl

Solutions for this vulnerability

Patch or workaround

Supplements

Attack

Exploit 0day or proof of concept

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Systems vulnerabilities



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française