Vulnerabilities found in LibreSSL

Hi guys,

Serious vulnerabilities have been found in Fork of OpenSSL that could open servers to remote code execution.

LibreSSL is a fork of the Open SSL library. When Open SSL was known to be vulnerable to Heartbleed bug, Libre SSL was introduced as a replacement for it. The researchers from Qualys discovered the the two flaws – memory leak and a buffer overflow.

The researchers said that the flaws affect all LibreSSL versions, including LibreSSL 2.0.0 (the first public release) and LibreSSL 2.3.0.

Remote attackers can cause Denial of Service attacks(memory exhaustion) by exploiting the memory leak (CVE-2015-5333), while the buffer overflow allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

“This buffer overflow is stack-based and probably not exploitable on OpenBSD x86, where it appears to always smash the stack canary,” said the researchers.

These flaws have been found by researchers while they were trying to succeed a remote code execution against the vulnerabilities recently discovered in OpenSMT iPD (CVE-2015-7687).

“Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL’s OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based),” the researchers said.


Ivan Ristic, director of application security research at Qualys, explained that low-level programming languages, such as C, programmers are required to explicitly manage memory. “What this means is that they must reserve small chunks of memory for each operation they wish to carry out and ensure that they never exceed the reserved size. In this case, due to a programming error, it’s possible to write one byte of data to an unexpected location,” he said.

LibreSSL is very widely used, so any server that uses TLS seem attractive to attackers.  “Successful exploitation might lead to DoS and buffer overflow attacks,” he added.

The flaw is said to be in the X.509 certificate processing code. “This means that the vulnerability can be used against clients which have to process a server certificate on every TLS connection but very rarely against servers which process certificates only when client authentication is enabled, which is not very common. That said, those servers using client certificates are more likely to be valuable,”


Stay tuned for more updates.

Source: Akati

Comments are closed.