from Hacker News

DoS exploit in openssl (Debian stable only)

by Gobiel on 5/18/14, 2:16 PM with 9 comments

  • by agl on 5/18/14, 3:29 PM

    Previously discussed: https://news.ycombinator.com/item?id=7682537

    My comment from last time:

    Good to note that this was found with KLEE[1]. KLEE is good for symbolic execution of code and is very cool[2].

    This only triggers a crash if you use RELEASE_BUFFERS (not the default) and a warning alert is written when the socket buffer is full. About the only case where a warning alert is generated is when a client attempts a renegotiation without the renegotiation extension (unless insecure renegotiation is allowed by the app). I've not been able to trigger the bug in a test because code generally stops reading once the socket buffer is full so you need the application to exactly fill the socket buffer (so that it doesn't get EAGAIN), then a warning alert can just exceed it.

    [1] http://marc.info/?l=openssl-dev&m=139809493725682&w=2
    [2] http://klee.github.io/klee/

  • by calpaterson on 5/18/14, 3:17 PM

    I can't see why the headline says this is exclusive to Debian stable - it applies to any distribution that shipped with OpenSSL 1.0 or greater. The RH bugtracker only mentions that RHEL5 is immune because they didn't ship OpenSSL 1.0. It seems that several packages enable SSL_MODE_RELEASE_BUFFERS including ruby and node:

    https://bugzilla.redhat.com/show_bug.cgi?id=1093837#c1

  • by itamarhaber on 5/18/14, 2:28 PM

    Good thing this only affects %29.8 of Linux distros out there (http://w3techs.com/technologies/details/os-linux/all/all) :P

  • by 0x0 on 5/18/14, 2:50 PM

    I don't think this is Debian stable only?

  • by jtwaleson on 5/18/14, 2:51 PM

    Does anyone know which packages have SSL_MODE_RELEASE_BUFFERS enabled and are vulnerable?
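A practical way to start answering the question above is to audit the source of the packages you ship for calls that set `SSL_MODE_RELEASE_BUFFERS`. The script below is an added example, not code from the thread or from any of the projects mentioned; it scans a directory tree of C/C++ sources and reports each `SSL_set_mode`/`SSL_CTX_set_mode` line that names the flag, plus a helper that builds a small constructed sample tree so the audit can be exercised offline. It is a line-based heuristic: a mode assembled in a variable or split across lines will not be caught, so treat a clean result as a starting point, not proof.

```shell
#!/bin/sh
# Added example (not from the thread): audit a source tree for code that
# enables SSL_MODE_RELEASE_BUFFERS via SSL_set_mode / SSL_CTX_set_mode.

# audit_release_buffers DIR
#   Prints "file:line:source" for every matching line under DIR.
#   Returns 0 when at least one match was found, 1 otherwise.
#   Caveat: only single-line calls that spell out the flag are detected.
audit_release_buffers() {
    matches=$(find "$1" -type f \
            \( -name '*.c' -o -name '*.cc' -o -name '*.cpp' -o -name '*.h' \) \
            -exec grep -nE \
              'SSL_(CTX_)?set_mode[[:space:]]*\([^;]*SSL_MODE_RELEASE_BUFFERS' \
              /dev/null {} + || true)
    # /dev/null above forces grep to prefix each hit with its filename
    [ -n "$matches" ] || return 1
    printf '%s\n' "$matches"
}

# make_sample_tree
#   Creates a constructed sample project in a temp dir and prints its path.
#   server.c enables the flag (line 3); client.c does not.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/proj"
    cat > "$d/proj/server.c" <<'EOF'
#include <openssl/ssl.h>
void init_server(SSL_CTX *ctx) {
    SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS | SSL_MODE_AUTO_RETRY);
}
EOF
    cat > "$d/proj/client.c" <<'EOF'
#include <openssl/ssl.h>
void init_client(SSL_CTX *ctx) {
    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
}
EOF
    printf '%s\n' "$d"
}

# Stand-alone usage: build the sample tree, audit it, clean up.
if [ "${0##*/}" != "sh" ] && [ -z "$AUDIT_NO_MAIN" ]; then
    sample=$(make_sample_tree)
    if audit_release_buffers "$sample"; then
        echo "SSL_MODE_RELEASE_BUFFERS is enabled in the files above; review them."
    else
        echo "no SSL_MODE_RELEASE_BUFFERS usage found"
    fi
    rm -rf "$sample"
fi
```

To audit a real package, run `audit_release_buffers /path/to/unpacked/source` instead of the sample tree; anything it reports is a candidate for the crash condition agl describes, provided the application can also hit the full-socket-buffer case.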