In the kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but the Kerberos configuration files cannot be opened, the function does not check a certain return value, which allows remote attackers to cause a Denial of Service (DoS) (NULL pointer dereference and daemon crash) through SSL cipher negotiation.
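The defect class described above, shown as an added example that is not OpenSSL's code: an initialization call fails because a configuration file cannot be opened, and the caller either ignores or checks the result. Every name here (`demo_ctx`, `demo_init_context`, both `keytab_available_*` functions) is a hypothetical stand-in, not a real OpenSSL or Kerberos API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a Kerberos library context (assumption). */
typedef struct { char realm[32]; } demo_ctx;

/* Returns nonzero and leaves *out NULL when the config file cannot be opened. */
static int demo_init_context(const char *conf_path, demo_ctx **out)
{
    FILE *f = conf_path ? fopen(conf_path, "r") : NULL;
    *out = NULL;
    if (f == NULL)
        return -1;
    fclose(f);
    *out = calloc(1, sizeof(**out));
    if (*out == NULL)
        return -1;
    strcpy((*out)->realm, "EXAMPLE.TEST");   /* constructed sample value */
    return 0;
}

/* Flawed pattern: the return value is dropped, so ctx may still be NULL. */
int keytab_available_unchecked(const char *conf_path)
{
    demo_ctx *ctx = NULL;
    int ok;
    demo_init_context(conf_path, &ctx);      /* result ignored */
    ok = ctx->realm[0] != '\0';              /* NULL dereference on failure */
    free(ctx);
    return ok;
}

/* Hardened pattern: fail closed ("not available") when initialization fails. */
int keytab_available_checked(const char *conf_path)
{
    demo_ctx *ctx = NULL;
    int ok = 0;
    if (demo_init_context(conf_path, &ctx) != 0 || ctx == NULL)
        goto done;
    ok = ctx->realm[0] != '\0';
done:
    free(ctx);                               /* free(NULL) is a no-op */
    return ok;
}

int main(void)
{
    /* Constructed path that does not exist: the checked variant reports 0. */
    printf("available: %d\n", keytab_available_checked("/nonexistent/demo.conf"));
    return 0;
}
```

Because the check runs during cipher negotiation in a network daemon, the hardened variant's "report unavailable and continue" behaviour is what keeps an unreadable configuration from becoming a process crash.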
Impact
None