Stories
Slash Boxes
Comments

SoylentNews is people

Bug-Hunt Turns Up Vulnerability in LibreSSL

posted by janrinok on Monday October 19 2015, @11:05PM   Printer-friendly
from the found-and-fixed dept.

Arthur T Knackerbracket has found the following story:

What they've found is that there's a companion memory leak (CVE-2015-5333) and buffer overflow (CVE-2015-5334) in the SSL replacement candidate.

The researchers from Qualys (their notice published here) said they were trying to see if a remote code execution attack is feasible against vulnerabilities they've turned up in OpenSMTPD (which earlier this month hit version 5.7.3).

“Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL's OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based).”

The memory leak provides a path for an attacker to cause a denial-of-service attack, and also permits triggering of the buffer overflow.

The LibreSSL team has released fixes for OpenBSD.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Bug-Hunt Turns Up Vulnerability in LibreSSL | Log In/Create an Account | Top | 23 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by LoRdTAW on Tuesday October 20 2015, @01:25PM

    by LoRdTAW (3755) on Tuesday October 20 2015, @01:25PM (#252279) Journal

    C is obviously too hard for humans such that do a "snprintf(buf, buf_len, ".%s", bndec)". :-)

    I think we can blame the C libraries for this.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2