Flaws in LibreSSL could open web servers to attack

Fork of OpenSSL has serious vulnerabilities that could open servers to remote code execution.

LibreSSL is a fork of OpenSSL
LibreSSL is a fork of OpenSSL

A number of bugs have been discovered in the LibreSSL codebase that could leave servers open to remote code execution.

LibreSSL is a fork of the Open SSL library. Libre SSL was originally intended as a replacement for Open SSL following the discovery of the Heartbleed bug in Open SSL's code base.

The two flaws are a companion memory leak and a buffer overflow. The vulnerabilities were discovered by researchers from Qualys. The researchers said that the flaws affect all LibreSSL versions, including LibreSSL 2.0.0 (the first public release) and LibreSSL 2.3.0 (the latest release at the time of writing).

The memory leak (CVE-2015-5333) allows remote attackers to cause a denial of service (memory exhaustion), while the buffer overflow allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.

“This buffer overflow is stack-based and probably not exploitable on OpenBSD x86, where it appears to always smash the stack canary,” the researchers said in a security advisory.

The researchers found the flaws when they were looking to achieve remote code execution against the vulnerabilities that the researcher recently discovered in OpenSMTPD (CVE-2015-7687).

“Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL's OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based),” the researchers said.

Ivan Ristic, director of application security research at Qualys, told SCMagazineUK.com that in low-level programming languages, such as C, programmers are required to explicitly manage memory. “What this means is that they must reserve small chunks of memory for each operation they wish to carry out and ensure that they never exceed the reserved size. In this case, due to a programming error, it's possible to write one byte of data to an unexpected location,” he said.

Ristic said that LibreSSL was an attractive target because it is very widely used, meaning that any server that uses TLS can be targeted by attackers. “On the other hand, it's a fairly new library and not very widely deployed,” he said.

He added that when talking to a server that uses the vulnerable library, hackers can send a stream of data to exercise the vulnerability. “Successful exploitation might lead to DoS and buffer overflow attacks.”

He added that the flaw is in the X.509 certificate processing code. “This means that the vulnerability can be used against clients which have to process a server certificate on every TLS connection but very rarely against servers which process certificates only when client authentication is enabled, which is not very common. That said, those servers using client certificates are more likely to be valuable,” said Ristic.

Gavin Reid, vice president of threat intelligence at Lancope, told SC that Libre SSL was to be the “secure” SSL developed for OpenBSD created specifically to avoid security issues after the infamous Heartbleed attack. He said that both flaws have already been fixed.

“Kudos to the LibreSSL team for such a quick turnaround,” he said.