Date: Tue, 29 Apr 2014 22:27:24 -0700 From: Cstdenis <cstdenis@ctgameinfo.com> To: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-14:09.openssl Message-ID: <536089BC.3060002@ctgameinfo.com> In-Reply-To: <201404300435.s3U4ZA17093706@freefall.freebsd.org> References: <201404300435.s3U4ZA17093706@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Based on the CVE, it looks like older versions may also be vulnerable. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 On 4/29/2014 9:35 PM, FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-14:09.openssl Security Advisory > The FreeBSD Project > > Topic: OpenSSL use-after-free vulnerability > > Category: contrib > Module: openssl > Announced: 2014-04-30 > Affects: FreeBSD 10.x. > Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE) > 2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2) > CVE Name: CVE-2010-5298 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is > a collaborative effort to develop a robust, commercial-grade, full-featured > Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) > and Transport Layer Security (TLS v1) protocols as well as a full-strength > general purpose cryptography library. > > OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which > requests the library to release the memory it holds when a read or write buffer > is no longer needed for the context. > > II. Problem Description > > The buffer may be released before the library have finished using it. It is > possible that a different SSL connection in the same process would use the > released buffer and write data into it. > > III. Impact > > An attacker may be able to inject data to a different connection that they > should not be able to. > > IV. Workaround > > No workaround is available, but systems that do not use OpenSSL to implement > the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) > protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process > to handle multiple SSL connections, are not vulnerable. > > The FreeBSD base system service daemons and utilities do not use the > SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this > mode to reduce their memory footprint and may therefore be affected by this > issue. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch > # fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc > # gpg --verify openssl.patch.asc > > Restart all deamons using the library, or reboot the system. > > 3) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/10/ r265122 > releng/10.0/ r265124 > - ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; > > VII. References > > <URL:http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig>; > > <URL:https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest>; > > <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>; > > The latest revision of this advisory is available at > <URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:09.openssl.asc>; > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (FreeBSD) > > iQIcBAEBCgAGBQJTYHsHAAoJEO1n7NZdz2rn2EsP+wYlobS4EiYtgspXAFgKLha1 > 0aeA7UokUs21QRTV9tIiFD0Se5HwdmHdh94bRJMRFraU22QYbAelG5GPsZPdRCt4 > 0ECLKUBDK6ng2M7UNyKhkstsL0+wBq6y5dzKjpR49QX4Vh2zEUYw5BcC5vrIk+YK > Qazq8l1t5bl9ebm9rIDmd2uCv/Qe1MgnMlAczeH9HckfzMiH6NhnAuiYpP7K0mIL > By6gpSxsHPeQShgJN/5kJjVGkdQK1/A1q0KnNf5r/itQdSC96NazKpCCpkud6RMm > k9aPxI5As5Scl70zuCUDAS6vbNI3dvzCU46k8t65/FTeYQO2lxje0QZpqaDiB3+2 > tbN5kDviQdWHlJyygCeNK3jxdv0H3+zUZidjPuo158Zcbhb4ckTEZtMtgTn0fRoY > alG8qLn3hLj51fPHQK3Ff96xL+1DrhT+3D18OYIbjx7LKtsJJbnorB3jrbW68Ggr > h0bW+8yAm1jDFM4kPQw6gcrmtyjxNhnVRLoeoBPSIkmS9cm+12YcXufbSyLm/WqG > hkpPCrvUXibZmLi0CDlRMhLkjaOUhEXQsV3OR0gCmuFtN52gncyrIoPaxs79HZ1A > g2JxLp7b56B2XOyakEmNc+rqJJkzi+LV8HTp5DcrbXjAunYk9ipfxPakqXFDD6jV > L3ElC6aFDJ2UchtmjBRk > =Y+tE > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-announce@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-announce > To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?536089BC.3060002>