Secunia

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) The "kssk_keytab_is_available()" function in ssl/kssl.c does not check the return value of a call to the "krb5_sname_to_principal()" function, which can be exploited to cause a NULL pointer dereference by e.g. sending certain cipher suites within the client hello.

Successful exploitation requires that OpenSSL is compiled with Kerberos support and may also depend on the Kerberos version and the setup.

2) An error exists within the "ssl3_get_record()" function in openssl/ssl/s3_pkt.c when processing certain records, which can be exploited to cause a crash by sending specially crafted records.

This vulnerability is reported in OpenSSL 0.9.8f through 0.9.8m. If the "short" data type is a 16-bit integer, this only affects OpenSSL 0.9.8m.

Solution
Update to version 0.9.8n.

Provided and/or discovered by
1) Todd Rinaldo
2) Bodo Moeller and Adam Langley, Google

Changelog
Further details available in Customer Area

Original Advisory
OpenSSL:
http://cvs.openssl.org/chngview?cn=19374
http://www.openssl.org/news/secadv_20100324.txt

Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=567711
https://bugzilla.redhat.com/show_bug.cgi?id=569774
http://www.openwall.com/lists/oss-security/2010/03/03/5

Deep Links
Links available in Customer Area