SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Bug-Hunt Turns Up Vulnerability in LibreSSL
Date    Monday October 19 2015, @11:05PM
Author    janrinok
Topic   
from the found-and-fixed dept.
https://soylentnews.org/article.pl?sid=15/10/19/155225

Arthur T Knackerbracket has found the following story:

What they've found is that there's a companion memory leak (CVE-2015-5333) and buffer overflow (CVE-2015-5334) in the SSL replacement candidate.

The researchers from Qualys (their notice published here) said they were trying to see if a remote code execution attack is feasible against vulnerabilities they've turned up in OpenSMTPD (which earlier this month hit version 5.7.3).

“Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL's OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based).”

The memory leak provides a path for an attacker to cause a denial-of-service attack, and also permits triggering of the buffer overflow.

The LibreSSL team has released fixes for OpenBSD.

Original Submission

Links
  1. "following story" - http://www.theregister.co.uk/2015/10/19/snmp_bughunt_turns_up_vuln_in_libressl/
  2. "here" - http://www.openwall.com/lists/oss-security/2015/10/16/1
  3. "OpenSMTPD" - https://www.opensmtpd.org/
  4. "version 5.7.3" - https://www.opensmtpd.org/announces/release-5.7.3.txt
  5. "released fixes for OpenBSD" - http://ftp.openbsd.org/pub/OpenBSD/patches/5.8/common/007_obj2txt.patch.sig
  6. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=10136
© Copyright 2023 - SoylentNews, All Rights Reserved

printed from SoylentNews, Bug-Hunt Turns Up Vulnerability in LibreSSL on 2023-06-21 07:52:19